Slashdot Mirror


Microsoft Wins $3.95 Million from Spammer

LehiNephi writes "A Washington, D.C. judge fined Daniel Khoshnood, a major spammer, for pretending to be Microsoft in order to attract customers. Specifically, he registered windowsupdate.com (not to be confused with windowsupdate.microsoft.com), then sent out mass email encouraging users to download a toolbar from that website. Although the suit was not specifically about spamming, the mass emails (and subsequent complaints) were what caught Microsoft's attention. So far, Microsoft's campaign against spam has netted them $54 million from six judgments, one dismissal, four settlements, and two bankruptcies. The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."

3 of 169 comments

  1. Re:I have to say... by Anonymous Coward · · Score: 5, Informative
    This article seems to be mistaken. The domain ownership for windowsupdate.com, according to NSI (no link to their evil whois-substitute), is:
    Microsoft Corporation
    Carolyn Gudmundson
    One Microsoft Way
    Redmond, WA 98052
    US

    Other articles on this story say that the spammer used the domain windowsupdatenow.com, which is owned by:
    Windowsupdatenow
    8975 hoello
    brazil city, brazil none
    BR
  2. Re:Am I my keeper's brother? by minas-beede · · Score: 5, Informative

    It's unclear what you mean, but have you seen:

    http://www.proxypot.org/ ?

    They don't sue the people (yet), but they do try to get ISPs and LEAs interested in the evidence collected. Often the ISP approach succeeds. It is also useful to create a list of ISPs who will not act on abuse reports.

    As a bonus, none of the spam that the spammers try to send through them reaches any victim.

    For this approach "popular mail client" is meaningless. Spammers don't start with a list of mail servers, they start with the IP address space and go looking for abusable servers (for proxypots the abusable entities are open proxies.) What is run doesn't have to be a real MTA (or real proxy server), just look enough like one that the spammers accept it as one. For the cleverer spammers it is useful for it to look exactly like some historic abusable MTA, like many of the earlier versions of Sendmail. Whether you need to gear your attack to defeating the cleverer spammer isn't known, but it's probable that you can have a huge effect just by going after the dumbest spammers (that's a big group.)

    It shocks me that (1) so many people don't know how spammers operate and (2) so many of those who do know (that is, recognize that spammers have to look for systems to abuse) never seem to be able to grasp the importance of that knowledge. It's like knowing a burglar favors basement windows but doing nothing to set a trap for a basement window burglar - just bitch about all the people with insecure basement windows. Stake out a few basement windows and some evening soon you may be face-to-face with the burglar. Stake out a few IP addresses and some time soon you may gather information that leads directly to the spammer's IP address. Poof! There went the supposed anonymity.

  3. Toolbar... by ideatrack · · Score: 5, Informative

    The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches.

    No, but from this article on The Register:

    "In reality, the toolbar loaded a utility called BrowserAid/QuickLaunch which bombarded users with random, unrequested pop-up ads."