Slashdot Mirror


Microsoft Wins $3.95 Million from Spammer

LehiNephi writes "A Washington, D.C. judge fined Daniel Khoshnood, a major spammer, for pretending to be Microsoft in order to attract customers. Specifically, he registered windowsupdate.com (not to be confused with windowsupdate.microsoft.com), then sent out mass email encouraging users to download a toolbar from that website. Although the suit was not specifically about spamming, the mass emails (and subsequent complaints) were what caught Microsoft's attention. So far, Microsoft's campaign against spam has netted them $54 million from six judgments, one dismissal, four settlements, and two bankruptcies. The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."


  1. I have to say... by xigxag · · Score: 4, Insightful

    It seems rather dumb of MS not to have registered windowsupdate.com in the first place.

    --
    There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.
    1. Re:I have to say... by KI4BBO.org · · Score: 4, Funny

      Yep, that's what I was saying, but now it belongs to them... so I guess all's well that ends well :)

      --


      _____
      Josh Powell - www.ki4bbo.org
    2. Re:I have to say... by betelgeuse-4 · · Score: 5, Insightful

      Most companies probably don't want to go down the route of registering all the keywords related to their business to stop third parties abusing the fact that the words are well known and recognised. If they did then scammers would use misspellings and 1337 variations; it could cost quite a bit to register all of them. For MS it's possibly easier just to take legal action when abuses do occur.

    3. Re:I have to say... by arvindn · · Score: 5, Funny

      I'm not at all surprised by that, considering that Microsoft can't even remember to register their own domain names ;-)

    4. Re:I have to say... by PatHMV · · Score: 3, Insightful

      It would "cost quite a bit"? Do you understand how much money Microsoft has? Do you understand how expensive their lawyers are? They could register 10,000 domain names with a fraction of the interest they make on their money in an hour. I really don't think the expense is why they didn't do it.

    5. Re:I have to say... by Anonymous Coward · · Score: 5, Informative
      This article seems to be mistaken. The domain ownership for windowsupdate.com, according to NSI (no link to their evil whois-substitute), is:
      Microsoft Corporation
      Carolyn Gudmundson
      One Microsoft Way
      Redmond, WA 98052
      US

      Other articles on this story say that the spammer used the domain windowsupdatenow.com, which is owned by:
      Windowsupdatenow
      8975 hoello
      brazil city, brazil none
      BR
    6. Re:I have to say... by TheGavster · · Score: 5, Funny

      Registering a domain name is negative money. Letting someone else register it and then suing them is positive money. You might even be able to get the domain thrown in with the settlement.

      --
      "Because Science" is one step from "Because old book". Try "Because of my experiment testing my falsifiable assertion".
    7. Re:I have to say... by 0WaitState · · Score: 2, Funny

      They did register windowsupdate, but did it on RealNames(tm).

      --

      Remain calm! All is well!
    8. Re:I have to say... by NanoGator · · Score: 3, Insightful

      "For MS it's possibly easier just to take legal action when abuses do occur."

      At $8 bucks a domain, MS would have been ahead to register those domains compared to the cost of one court case.

      On the other hand, though, they did send a message to other domain squatters out there. Like or hate MS, that was a good move.

      --
      "Derp de derp."
    9. Re:I have to say... by Orick · · Score: 2, Funny

      It was actually windowsupdateNOW.com.

      Of course, it is interesting to see a bunch of slashdotters actually taking a pro-microsoft stance on something. Must be getting pretty chilly for the devil about now...

      --
      Dust Devil Reviews

  2. Re-distribute the cash? by FyRE666 · · Score: 5, Interesting

    Obviously it'll never happen, but it would be nice if all the proceeds of these victories against the scumbags were given to anti-spam projects and organisations to develop more robust hosting (to deflect spammer/virus author DDOS attacks) and improve the filtering software. It would also really annoy the spammers to see such projects getting massive cash injections ;-)

    I recently added RBL support (SPEWS and Spamhaus), SpamAssassin and the MIMEDefang milter to our company incoming mailserver and it's REALLY making a difference! Since I have a corpus from hundreds of people too, the Bayesian side is already extremely good. It still lets the odd scam through, but being a company I can't afford to block anything by accident.

    1. Re:Re-distribute the cash? by Myrmi · · Score: 5, Funny

      "Microsoft has recently won a large lump sum of money from a spammer, and is redistributing the money to customers who may have been affected by his spam. In order to claim your money, forward this email to ten of your closest friends within the next 15 minutes"

      --
      "I think everyone is an agnostic but just doesn't know" - Frazz
    2. Re:Re-distribute the cash? by leeward · · Score: 2, Informative

      I would guess that the claim Microsoft's campaign against spam has netted them $54 million from six judgments is likely false. They may have been awarded $54 million, but collecting is always another matter. I would not be surprised if the total collected is just in the thousands. And that likely is less than the legal costs, meaning their net is probably a negative number.

      Of course, that is pure speculation. I have no facts to back it up. But then again, this is /.

  3. "Microsoft Wins $3.95 Million" by Anonymous Coward · · Score: 5, Funny

    Talk about conflicted. I'm not sure who to root for. Did the spammer use Linux?

    1. Re:"Microsoft Wins $3.95 Million" by vadim_t · · Score: 2, Insightful

      I'd say neither.

      Remember, the enemy of your enemy is not always your friend.

  4. How do we feel? by Ensign+Regis · · Score: 5, Funny

    So, what do you do when evil is fighting evil?

    1. Re:How do we feel? by Biogenesis · · Score: 2, Interesting

      A house can not survive if it is divided within itself, only good can come of this.

  5. The secret formula! by MavEtJu · · Score: 5, Funny

    1. Write a popular mail client which automatically executes arbitrary code.
    2. Sue the people who hijack PCs via the above mentioned mail client.
    3. Profit!

    The enemy of my enemy is my friend...
    I feel confused.

    --
    bash$ :(){ :|:&};:
    1. Re:The secret formula! by the_mad_poster · · Score: 4, Insightful

      What the hell are you talking about? If you'd bothered to open up the article and, you know... READ it, you'd see that 1) they "profited" because this idiot registered a domain name in violation of their trademark and 2) there was no hi-jacking - the moron "victims" had to download the toolbar entirely of their own cognition.

      I don't know what this has to do with any mail client other than the fact that the guy happened to be sending e-mails for his little scam...

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  6. Re:This is helping them more than most of their pr by Vlad_the_Inhaler · · Score: 4, Interesting

    While I have not RTFA here (hell, this *is* /.), I would also have tended to want to side with the Redmond lot on this one.

    Registering a website with that name so he could send spam, he deserved all he got. What Microsoft do with the money is another matter.

    This is an example of what I would consider fair use. Not sure that they have updated it in the last 10 years though :-)

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  7. A suggestion by lxt · · Score: 4, Funny

    As one of those who reported this to Microsoft, perhaps I should get some of the settlement? Don't suppose that's likely though...

  8. Classic dilemma by Alien54 · · Score: 4, Funny
    punishing spammers = good!
    rewarding Microsoft = bad!

    why am I so split over this?

    [set headbangmode = 1]

    --
    "It is a greater offense to steal men's labor, than their clothes"
    1. Re:Classic dilemma by johannesg · · Score: 2, Funny
      This is definitely good. I mean, I hate Microsoft as much as any slashdotter, but once their Windows and Office monopolies disappear under a flurry of penguins (nasty stab wounds from those beaks, btw, but I digress) I wouldn't really want to see all those poor, misguided souls who work for them to lose their jobs. So maybe this is a first step towards a new, gentler (unless you are a spammer) Microsoft, one that is appreciated and praised by all (except spammers) for providing a vital public service. The new Microsoft, Guardian of the Network, Defender of Standards, and Tireless Destroyer of Software Patents and Copyright Extensions! They'll even have their own Linux distribution (Linux XP?) and GPL all of their current Windows source!

      Of course, until that day comes, feel free to continue bashing them. I know I will ;-)

  9. So what? by Saeed+al-Sahaf · · Score: 4, Interesting
    Like all fines that criminals get, this one will make little difference, and Microsoft will never collect.

    These lawsuits are good for victim satisfaction, but will not stop spammers, and in both the large and small of things really have no effect at all on spam.

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  10. This has very little to do with spam. by ezraekman · · Score: 5, Insightful

    While I think it's great that yet another "identity thief" (sort of) has been busted, this does little to stem the flow of spam. What we truly need are more cases that are strictly based on the sending of unsolicited commercial e-mail. We've got some great and not so great legislation out there to protect us... why aren't we using it? Because it costs too much?

    And yes, I know that there have been a few landmark cases recently, but a few big falls aren't going to convince spammers as a whole to stop spamming. A concerted effort to shut them down via thousands of small lawsuits from you and me would be much more likely to have an effect, in my humble opinion.

    1. Re:This has very little to do with spam. by pilkul · · Score: 2, Insightful
      Internet Explorer. IIS. Exchange Server. The Swiss cheeses of the Internet.

      Sendmail. WU-FTPD. BIND.

      I mean, not that I'm a fan of Microsoft, but aren't you being a little selective in your choices of hole-riddled software?

  11. cash? by davids-world.com · · Score: 3, Interesting

    I am wondering if that means that M$ is actually getting those 3.5 million bucks from him, or more than 50m$ from all the spammers.

    Did the guy keep a couple of millions in the attic, just in case? Or is he broke, struggling to pay his lawyers..?

  12. /. moral dilemma by thecombatwombat · · Score: 4, Funny

    In other news, SCO wins $699 from Satan, Lord of Lies.

    Yep.

  13. Microsoft wins settlement by ekstasy · · Score: 4, Funny

    "In normal times, evil should be fought by good, but in times like this, well, it should be fought by another kind of evil." ..Come on, I had to.

  14. Re:Well, now we know why they're interested by Zocalo · · Score: 5, Interesting
    How did this spammer, or any other spammer, directly hurt Microsoft?

    Well Microsoft does get to pay Hotmail's bandwidth bills, email storage costs, and employ people to deal with abuse reports? Don't forget that they also get to deal with all the spam that is undeliverable, bounced, or dropped by users' filters etc. Per individual spam, Microsoft may well be paying less than a recipient, but there is definitely a very real price tag attached.

    Unfortunately however, under CAN-SPAM, only ISPs and not end-users can use the legislation to go after spammers through the courts. As the owner and operator of Hotmail that would naturally include Microsoft. Of course, the statement that the actions have "netted them $54 million" means the courts have awarded them that much; they will actually see far less of it than that.

    It would certainly be nice if Microsoft (and others in a similar position) would make at least a token contribution to the anti-spam groups out there. Spamhaus operates almost entirely on contributions and sponsorships, Spamcop has a legal defence fund, SpamAssassin is now under the auspices of the Apache Foundation... the list goes on.

    --
    UNIX? They're not even circumcised! Savages!
  15. Re:Am I my keeper's brother? by minas-beede · · Score: 5, Informative

    It's unclear what you mean, but have you seen:

    http://www.proxypot.org/ ?

    They don't sue the people (yet), but they do try to get ISPs and LEAs interested in the evidence collected. Often the ISP approach succeeds. It is also useful to create a list of ISPs who will not act on abuse reports.

    As a bonus, none of the spam that the spammers try to send through them reaches any victim.

    For this approach "popular mail client" is meaningless. Spammers don't start with a list of mail servers, they start with the IP address space and go looking for abusable servers (for proxypots the abusable entities are open proxies.) What is run doesn't have to be a real MTA (or real proxy server), just look enough like one that the spammers accept it as one. For the cleverer spammers it is useful for it to look exactly like some historic abusable MTA, like many of the earlier versions of Sendmail. Whether you need to gear your attack to defeating the cleverer spammer isn't known, but it's probable that you can have a huge effect just by going after the dumbest spammers (that's a big group.)

    It shocks me that (1) so many people don't know how spammers operate and (2) so many of those who do know (that is, recognize that spammers have to look for systems to abuse) never seem to be able to grasp the importance of that knowledge. It's like knowing a burglar favors basement windows but doing nothing to set a trap for a basement window burglar - just bitch about all the people with insecure basement windows. Stake out a few basement windows and some evening soon you may be face-to-face with the burglar. Stake out a few IP addresses and some time soon you may gather information that leads directly to the spammer's IP address. Poof! There went the supposed anonymity.

  16. Re:Well, now we know why they're interested by Anonymous Coward · · Score: 2, Insightful

    Give me a break. $54 million is pocket change to Microsoft, and there's nothing "quick" about our legal system.

    Internally, spam hurts Microsoft as much as it hurts any other company that depends on email for their day-to-day operations. Externally, it makes Hotmail and MSN email accounts much more expensive to provide.

    No doubt Microsoft is not acting solely for the public benefit -- I'm sure they're seeking some good PR from their campaign against spammers. But to ascribe their actions entirely to greed and to say spam doesn't hurt Microsoft is asinine.

  17. Someone was also using exploits in their name by Greyfox · · Score: 3, Interesting

    My roommate put a fresh Windows install on the Net and had the RPC service exploited within minutes, with a dialog directing her to that site to pay for an "update" which would "fix the problem." It also installed a variant of some worm or other with some nasty back doors, which subsequent virus scanning and firewalling took care of. Nice to see Microsoft nail this asshole's hide to the wall, even if it's just a tiny grain of sand in the beach.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  18. Well.... by CrazyTiger · · Score: 3, Interesting
    Microsoft is overreacting. I don't care if they hate canned meat, that doesn't mean they can sue those who make it. Next thing you know, they'll be suing grocery stores for selling Macintosh apples!

    *mumble*Idiotic food bigots*mumble*

  19. Toolbar... by ideatrack · · Score: 5, Informative

    The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches.

    No, but from this article on The Register:

    "In reality, the toolbar loaded a utility called BrowserAid/QuickLaunch which bombarded users with random, unrequested pop-up ads."

  20. Two faced...? by Whatthehellever · · Score: 2, Interesting

    Ya know, as much as the /. community doesn't like Microsoft empire for one reason or another, this is one victory we can all applaud.

    Strange, isn't it?

    --

    ---
    IMHO, of course.
    May the SOURCE be with you.
  21. when will we take security seriously? by fermion · · Score: 3, Insightful
    This stuff is partially the fault of the big companies. In this case MS has been harking on users for years that they must update their computers the minute patches come out. They harangued customers that did not properly update machines, blaming such customers for all problems. However, they have only recently given consumers the tools needed to easily update their machines, and then only if the customer has broadband. This left a wide hole for someone else to exploit the fear. Fear that was created because MS chose to blame customers. This was especially true when updates were erratic and much more common than today. The design of Windows led to the exploits. All MS had to do is take a bit more responsibility for their design decisions.

    I have noticed this with bank websites as well. When online banking first grew big, I got an email survey that asked for personal information and led me to a third party site. I asked the bank if the survey was legit and they said it was. More recently the bank started letting users log in from an unsecured home page. Passwords seem to be protected, but we now have introduced a system in which users are accustomed to submitting sensitive information on unsecured pages. This habit can only benefit the crooks. I mean the latest exploit, involving ads on bank pages, should have been identified early as a security risk. I guess the risk to customers was less than the greed of the banks.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  22. Re:No, he used BSD. by Quattro+Vezina · · Score: 2, Funny

    I guess that it's not dead after all...

    No, he uses BSD, so his business is dying.

    --
    I support the Center for Consumer Freedom
  23. Actually, they did... by MadAnthony02 · · Score: 4, Informative

    Windows Update is owned by Microsoft - in fact, it is one of the URLs that the Blaster worm DoS'ed.

    According to this Register article that someone posted, the website that the spammer registered was windowsupdateNOW.com

    1. Re:Actually, they did... by WuphonsReach · · Score: 2, Interesting

      bloody annoying, as I typo that from time to time at work, when building PCs. We don't build them often enough to justify mucking about with an internal mirror.

      Which is a good argument for companies to use sub-domains rather than registering top-level domains willy-nilly.

      It's a lot harder to get hijacked if you mistype "windowsupdate.microsoft.com" as "windows-update.microsoft.com". So long as Microsoft maintains careful control over their top level DNS server.

      It's just a pet peeve of mine from the Internet "gold rush" days where every application from a single company suddenly got its own top-level domain. When configuring whitelists (e.g. adding sites to the trusted zone in Internet Explorer, or other apps), it's a lot nicer to be able to say "*.intuit.com" rather than having to deal with "*.intuit.com", "*.quicken.com", "*.turbotax.com".

      Sure, if you want to register "*.quicken.com", that's fine, but it should've redirected to "quicken.intuit.com".

      (sorry, just venting)

      --
      Wolde you bothe eate your cake, and have your cake?
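
The sub-domain allowlisting point in the comment above, as an added example that is not part of the original thread: a host check that matches trusted domains on label boundaries and, going a little beyond the comment, flags the misspelled and "1337" lookalikes mentioned earlier in the discussion. The `TRUSTED` and `BRANDS` lists, the substitution table and the last-two-labels rule are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy for this example: only these domains and names under them are trusted.
TRUSTED = {"microsoft.com", "windowsupdate.com", "intuit.com"}
# Assumed brand strings to watch for inside unrelated domains.
BRANDS = {"windowsupdate", "microsoft", "intuit"}
# Digit/symbol substitutions folded back to letters before brand matching (assumed table).
LEET = str.maketrans("013457$@", "oieastsa")


def host_of(url_or_host):
    """Return the lower-cased host of a URL or bare host, without port or trailing dot."""
    s = url_or_host.strip()
    if "//" not in s:
        s = "//" + s  # make urlsplit treat a bare host as the network location
    return (urlsplit(s).hostname or "").rstrip(".").lower()


def is_trusted(host, trusted=TRUSTED):
    """True for a trusted domain itself or any name under it (label-boundary match)."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url_or_host):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unknown'."""
    host = host_of(url_or_host)
    if not host:
        return "unknown", "no host"
    try:
        ipaddress.ip_address(host)
        return "unknown", "IP literal, no name to verify"
    except ValueError:
        pass
    if is_trusted(host):
        return "trusted", "at or under a trusted domain"
    # Assumption: the registrable domain is the last two labels. A real
    # deployment should use the Public Suffix List for this step.
    registrable = ".".join(host.split(".")[-2:])
    for d in sorted(TRUSTED):
        if edit_distance(registrable, d) == 1:
            return "lookalike", f"one edit away from {d}"
    folded = host.translate(LEET).replace("-", "")
    for brand in sorted(BRANDS):
        if brand in folded:
            return "lookalike", f"contains brand string '{brand}' outside trusted domains"
    return "unknown", "no relation to a trusted domain"


if __name__ == "__main__":
    # Constructed sample inputs, using names that appear in the discussion.
    for sample in ["windows-update.microsoft.com", "windowsupdatenow.com",
                   "inuit.com", "microsoft.com.updates.example",
                   "fortunecity.com/members/microsoft/", "80.123.45.67"]:
        print(f"{sample:40} {classify(sample)}")
```

A brand name in the path or in a left-hand label never makes a host trusted; only the right-hand suffix counts.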
  24. That patch bar by thephotoman · · Score: 3, Funny

    "The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."

    If it really did, Microsoft would have a fit! Either that, or it'd automatically download and install the Linux distro of the writer's choice.

    --
    Haec merda tauri est. Ceterum censeo Carthaginem esse delendam.
  25. The phony update site is still up. by Animats · · Score: 2, Funny
    The site is still up. Why didn't the court order it taken down? See WindowsUpdate.com.

    WARNING - do NOT click on the link above if you are running Microsoft Internet Explorer with Active-X controls enabled.

    1. Re:The phony update site is still up. by morzel · · Score: 3, Informative
      The site is still up. Why didn't the court order it taken down?
      Because it actually is Microsoft's?
      The guy used windowsupdatenow.com for his toolbar. (It's in the article... nkay?)

      Those who're running IE with active-X controls enabled should click on it... Perhaps get some more holes fixed :-)

      --
      Okay... I'll do the stupid things first, then you shy people follow.
      [Zappa]
  26. Not really... by PatHMV · · Score: 2, Informative

    In most states in the U.S., there are only very few types of cases where the courts allow the prevailing party to recover attorney's fees from the losing party... which is assuming that Microsoft would prevail in every case, and would never have to eat a whole lot of attorney's fees in a losing case. Also, MS would not be able to recover the costs it incurred sending executives to depositions, having its executives keep track of the case, etc. Moreover, it is not going to be able to recoup its customer support costs and loss of good will (yes, MS does in fact have some with the general public) from customers who forgot that the site they needed to go to was windowsupdate.MICROSOFT.com instead of just windowsupdate.com, and then got screwed. Those costs alone far exceed the amount of money it would take to reserve 10,000 domain names.

    1. Re:Not really... by betelgeuse-4 · · Score: 2, Interesting

      Yes, but would those costs also exceed the money for 10,000 domain names + $3.95 million? Also, they have to be the right 10,000 domain names. If they miss just one that's close enough to the real thing, a scam site could still be set up and the lawsuit option would be required. How much does it cost to work out the thousands you need to register and be confident you haven't left any out? You get customers who will be tricked into getting their 'updates' from fortunecity.com/members/microsoft/ or 80.123.45.67, their good will will be lost and lawsuits will be required.

  27. Question by srenker · · Score: 5, Funny
    Microsoft Wins $3.95 Million from Spammer

    Did they click on the blinking monkey?

    --
    My new /. login is fabu10u$.
  28. Vouchers by Beige · · Score: 2, Insightful

    Maybe they should pay the fines in vouchers for spam. That's how Microsoft likes things isn't it?

    --
    pandnotpian.org. The untruth will set you free!
  29. No, this and things like it will help by Sycraft-fu · · Score: 2, Insightful

    Remember: Spammers are completely financially motivated. The reason they do what they do is because they can make easy money at it. Well, the biggest way to reduce the amount of SPAM is to make it less profitable. We cannot, unfortunately, stop idiots from buying from spammers. What we can do, however, is raise the cost of spamming through fines and lawsuits.

    If spammers are getting sued and arrested left and right, and losing all their ill-gotten gains from it, it makes it much less likely they'll go back into spamming in the future, and less likely that others will go into it.

    This is different than drugs, because in the case of drugs, the dealers are providing something that people WANT to get. They want it to the point of paying an obscene amount for it, thus demand stays high. People DON'T want SPAM. Generally even those that buy from it don't want it, they are just gullible. So people will not seek out SPAM or pay obscene amounts for it.

    Thus if SPAM is a risky business where one faces lawsuits, fines, and jail time, it is less likely that people will do it. It won't eliminate it, of course, you never eliminate something by making it illegal, but it can and will reduce it. Combine that with better SPAM filtering technology, which means less e-mail will reach potential buyers and again reduce profitability, a real dent CAN be made.

    The "we can't do anything so we might as well give up" attitude is stupid. Applied to all crime, you have anarchy. You can't PREVENT things by making them a crime, that is impossible. You can REDUCE them, however, and that is worth doing. Just because murder happens I don't think you'll hear anyone saying we should make killing people legal since the law hasn't stopped it from happening.

  30. Daniel Khooshnood by dynamo · · Score: 2, Informative

    I worked for this guy for a few months. He is the most disreputable excuse for a human being I've ever had the misfortune to know. I was young and stupid and I worked on a verbal contract through a friend who worked for him directly, and an assumption of trust once I got past a few paychecks. My huge mistake. He kept asking me to give him time, and by the time I broke down and refused to work for him anymore until I got paid, he owed me 8.5 thousand dollars. I was broke at the time and couldn't afford the time or money to sue for what was mine, especially without a written contract. My mistake in trusting him singlehandedly ended my consulting career.

    This guy uses obviously program-generated lists of emails to basically spam every possible email address in several popular domains - aol, hotmail, etc..

    In case anyone wants to discuss his case,
    His cell phone number is (or at least used to be) 818-516-3999.
    His work phone number is (or at least used to be) 800-516-3999. I believe the phone was answered as "mainstream advertising".
    His email was dk@global2000.com, but I doubt it's still the same.

    I have a bigger grudge against DK than anyone. It is thrilling to hear of MS's victory in this case. It's nice to hear of them doing good for once!

    Anyone else out there know him? I know from friends that I am far from the only person who he screwed over.