Slashdot Mirror
FTC Files Spyware Case Against Sanford Wallace
An anonymous reader writes "Legendary reformed spammer Sanford Wallace is apparently back in business, under suspicion by the Feds for advertising a trojan spyware removal tool. Wallace 'admit[s] no wrongdoing', but in the next breath says 'The FTC is trying to enforce a law that hasn't even passed', referring to the proposed anti-spyware legislation currently in Congress."
False Adverising... Fraud... there's surely something else he can be chared with.
"J" (who in his anger may have been under the mistaken impression that I'm associated with Spy Wiper) intends to sue Spy Wiper. He says that when Spy Wiper opened his CD-ROM drive, it popped his infant in the eye. The infant had to be taken to the emergency room.
This seems a bit more like extortion to me as he's doing something obnoxious to somebody and then asking for money to stop.
This may be the tactic that the FTC goes with in prosecuting.
Better yet, use Firefox on a non-MSWin operating system on a non-x86 machine.
This is even possible on reasonably priced machines. I run the amd64 versions of FreeBSD and Linux on most of my machines; I don't think I'm a very likely target for any kind of malware!
There's a good article about fatass, er Wallace over on Wikipedia.
In short:
- Wallace use to junkfax until the junk fax law went into place.
- Wallace formerly ran Cyber Promotions, the biggest spammer on the planet at the time, and specialized in things like relay repaying, false return addresses, and outright lying about his lists being "opt-in". It took a permanent injuction to get him to stop.
- Now he's doing spyware and demanding money from people with infected computers.
It's been said before and it's worth repeating again: Wallace has repeatedly shown little respect for other peoples' property and resources. He has no place in society. As far as I'm concerned, he should be locked up for the rest of his natural life.
If I sound bitter, it's because I had to deal with Cyberpromo junk (and that from their rogue ISP, AGIS, if anyone remembers them!) back in the 90's and know exactly how incorrigible he is.
And, be sure to fact-check ANYTHING that comes out of his mouth. I mean it.
I'd favour the "Casino" approach to spammers. They can choose walk away without the money; or keep the money and have their fingers pounded into bloody mess.
How popular is/was Internet Explorer? The largest resaon so much was found in IE was so much attention was given to IE since it is the largest browser by far, and was even larger in the past. Now, as Firefox is growing, it's being targeted. I've started seeing sties that try to send you a mozilla installer package if you are using Firefox, an ActiveX control if oyu are using IE.
If you seriously think Firefox is bug free, well you are sticking your head in the sand. The question isn't if Friefox has exploitable bugs, it does, everything does, the question is when one is found, what happens? The OSS community argues that this is where the strength is, it'll be fixed in a big hurry, so consumers don't have to worry.
Well the thing is, receant events are calling that in to doubt. Salshdot has reported on the two big security bugs in the last couple of months that sat unfixed for YEARS, basically until a big public stink was made about it. So it may be that in reality Firefox is LESS safe.
I use it, since I like it better, but if you think that it has some magic OSS shield that protects you, think again.
Also, the vast majority of spyware, including the spyware in the article, gets on through user stupidity, not exploits. This particular software is the popup/banner nature. It tells you to download it. Users do that, and then it's got them. Others provide some feature people want, like comet cursor, that then also spys on people. Still more just piggy back on top of other software, like the loads of shit that comes with Kazaa.
First, let me stress that this should not be done in IE, or even on Windows. You have been warned.
Second, check out http://www.freevegasclubs.com/. Specifically view source and look for the mp3 link that's hidden in comments. Download and hear Sanford's name. Note the irony when you read "Don't worry, we don't sell names to spammers!"
Third, check out this link (again! don't do this on IE): http://www.freevegasclubs.com/serve.cgi?1 This was obtained by going to a hidden link that redirected to this. Don't ask me what the original URL was -- I don't have a record of it right now. I discovered it earlier this week when my Snort detector went off with a WSH exploit and I noticed some of my internal minions being trojaned.
So what does that serve up? That would be his trojan code. A IE WSH exploit. It downloads and installs some files over FTP. If you go to the FTP site that's listed in the code, you can download all his stuff. Here's a breakdown:
I'm pretty sure the stuff that ClamAV doesn't catch are trojans and/or spyware. Just haven't had the chance to analyze and submit yet...
Have fun, and don't get caught without proper protection.