Digital Media

Cutwail's spam activities on Thursday as Pricewert got shut down.

(Credit: MessageLabs)

It's been almost a week since the Federal Trade Commission had the allegedly rogue Pricewert ISP shut down, and it seems like the Internet has indeed been a safer, or I should say slightly less dangerous, place.

The FTC charged that Pricewert's distribution of illegal, malicious, and harmful content and deployment of botnets that compromised thousands of computers caused substantial consumer injury and was an unfair practice, in violation of federal law.

According to Symantec, the Cutwail botnet--one of the most notorious botnets, accounting for up to 35 percent of all spam in May across the globe--experienced a major blow to its track record after the shutdown late Thursday of Internet service provider Pricewert.

Another botnet Pricewert is allegedly involved with is the Pushdo, which was also reportedly affected. Both Pushdo and Cutwail reportedly used 3FN, one of the names Pricewert did business under, as botnet control servers.

According to the data released Monday by TRACElabs, the overall spam volume index has been reduced by 15 percent since Thursday. However the day-by-day number has gradually increased.

This means a couple of things.

First, either the timing of these changes was a coincidence or Pricewert was indeed involved in this nasty business. It's important to note that the company has not yet been convicted of any wrongdoings. The first court hearing is scheduled for June 15.

Second, it's likely that the spammers will soon recover from this heavy blow as many similar companies are based outside of the U.S., where the anti-spam laws are not strictly enforced.

Nonetheless this for now looks like an apparent victory for the authorities and for all the Internet users. In terms of its long-term impact on spam, Symantec's MessageLabs Senior Anti-Spam Technologist Matt Sergeant told CNET News: "For now, we will see spam levels lower than usual, but we expected the swift comeback of Cutwail. The spammers learned that they can't put all their eggs in one basket and need to have backup command and control."

It's indeed wait and see, but so far I personally have received less spam in the last few days. How about you? Share your thoughts about this case and your recent spam experience, in the comment area below.

This chart describes the percentage of greenhouse gas emissions associated with each component of spam energy use.

(Credit: ICF/McAfee)

Not only is spam a nuisance and sometimes criminally deceptive, it's got a carbon footprint.

The mere act of people around the world deleting spam and searching for legitimate e-mail falsely labeled as junk creates the annual energy consumption equivalent in the U.S. of 2.4 million homes using electricity and the same greenhouse gas emissions as 3.1 million passenger cars using two billion gallons of gas.

That's according to "The Carbon Footprint of Email Spam Report" conducted by climate-change consultants ICF and commissioned by security vendor McAfee.

The average greenhouse gas emission associated with one spam message is 0.3 grams of CO2, about the same as driving three feet in equivalent emissions. When multiplied by the 62 trillion spam e-mails sent globally, that is like driving around the Earth 1.6 million times.

Eighty percent of the energy consumption associated with spam messages come from people having to do spam maintenance, the report found. Spam filtering accounts for only 16 percent of the energy use and saves the electrical equivalent of taking 13 million cars off the road per year.

If spam filters were used universally, the energy saved would be equivalent to taking 2.3 million cars off the road, the report said.

When major spam-hosting provider McColo was taken offline last November, global spam volume dropped by 70 percent overnight. That was the equivalent of taking 2.2 million cars off the road. Unfortunately, spam levels are back up as the spammers found other places to host their spam command-and-control servers.

Goodmail Systems unveiled on Thursday its CertifiedVideo, which offers streaming video capabilities within e-mail.

Goodmail, which provides companies and nonprofits with encrypted e-mail, is adding embedded streaming video capabilities to its service.

"Americans watched more than 14 billion online videos this past January alone. With CertifiedVideo, consumers can now watch videos within their e-mail in-box without having to click to an external Web site, and brands can tap into shifting media consumption habits and craft truly interactive, e-mail 3.0 marketing campaigns," Peter Horan, Goodmail CEO, said in a statement.

AOL is the first e-mail provider to offer Certified Video. Among the companies sending footage over the e-mail service are Country Music TV, LiveNation, The New York Times, and Target.

With its CertifiedVideo service, Goodmail first analyzes a prospective sender's video player for code stability and platform compatibility, with the aim of ensuring the video can be delivered and viewed. After it's been approved, a sender can use Goodmail's CertifiedEmail system to add encrypted video tokens to outbound messages.

The outbound messages are designed to notify the recipient's e-mail provider to deliver the message directly to the recipient with the video content enabled, according to Goodmail.

From a MySpace-related suicide to hate speech on YouTube, the world of user-generated content has been plagued by plain, old nastiness since its early days.

That's why, as part of the Family Online Safety Institute conference in Washington, D.C., YouTube parent company Google has unveiled an "Abuse and Safety" resource guide.

According to a post on the official Google blog, the new section of YouTube's help center features "straightforward safety tips and multimedia resources from experts and prominent safety organizations" regarding topics like cyberbulling, privacy, spam, and sexual exploitation.

YouTube also said that the resource guide will make it more straightforward to find out how to manage privacy and safety settings.

The dark underbelly of online video was in the spotlight once again when a Florida teenager used live-streaming service Justin.tv to broadcast his suicide last month.

Facebook has been awarded $873 million in damages against a Canadian man accused of sending spam messages to its members.

The default judgment was issued in federal court in San Jose, Calif., on Friday against Adam Guerbuez, of Montreal, and his company, Atlantis Blue Capital. The ruling also forbids Guerbuez from using Facebook or interacting with its members ever again.

Facebook doesn't expect to necessarily collect the money because "it's unlikely that Geurbez and Atlantis Blue Capital could ever honor the judgment rendered against them," Max Kelly, Facebook's director of security, wrote in a blog posting on Monday. "We are confident that this award represents a powerful deterrent to anyone and everyone who would seek to abuse Facebook and its users."

Neither Guerbuez, who has made money selling videos showing people attacking the homeless in Montreal, nor Atlantis Blue Capital could be reached for comment.

Facebook noticed an uptick in spam beginning in the spring, with Facebook members receiving messages from friends and other members offering things like herbal marijuana and male enhancement pills for sale, a spokesman said. The messages were coming from Facebook accounts that had been compromised.

Facebook sued under the Can-Spam (Controlling the Assault of Non-Solicited Pornography and Marketing) Act, which bans "false and misleading" marketing e-mails. Although the law was written for e-mails, a judgment in favor of MySpace in May set the precedent for extending the law to messages sent within social networks. In that case, MySpace was awarded $234 million to be paid by so-called Spam King Sanford Wallace and another man.

The Facebook award is the largest judgment in history for a case brought under the Can-Spam Act, according to Kelly.

Facebook has beefed up its antispam technology since the spring, creating tools that can delete spam messages from accounts and block URLs that direct people to spam Web sites.

Twitter founder Evan Williams tweets about the company's plans to hire a spam engineer.

(Credit: Twitter)

Twitter is stepping up its actions to fight spam, which has been plaguing the site since earlier this year and appears to be spiking this week.

The company is looking to hire a spam engineer, preferably one who has worked at a big search or e-mail company, according to a tweet by founder Evan Williams.

That person would likely work closely with the "spam marshal" that was hired in August.

The hiring move was praised by the Twitter community.

The latest job posting "is another sign that Twitter is maturing as a business and is using its VC funding wisely," says a post on the Stop Twitter Spam blog. "And it's a refreshing move by a company who seems to understand that cutting engineers when your product is 'ready' is a short-sighted move that will hurt you in the long run."

Twitter also has changed the way it handles suspended spammer accounts, replacing the entire suspended page instead of redacting the Web links but leaving them in the profile section.

However, the suspended profiles remain viewable in Profile Search, and people may still stumble across the suspended sites with the rogue links that way, notes Chris Boyd, research director at security specialist FaceTime Communications.

"All in all, a good move to combat the increasing amounts of rogue profiles clogging up Twitter--and kudos to them on waving the banhammer at so many spam profiles overnight. Quite the bloodbath, from the looks of things," Boyd wrote in a blog post.

Those with suspended Twitter accounts will now see this message.

(Credit: Twitter)

An old computer art form is making a comeback as a newer way to evade spam filters.

For decades, computing fans have enjoyed a form of expression called ASCII art that shows pictures or messages as a low-resolution graphic, a grid made of numerous computer characters encoded with the venerable ASCII standard. With a photo digitized with ASCII art, for example, the "#" character can represent a dark pixel and "." a light pixel. And there are large fonts constructed from an assemblage of individual characters.

Now the technique has surfaced as a way to transmit information that's hard for spam filters to detect--but that so far, at least, has proved relatively harmless beyond that stage.

An example of ASCII art spam.

(Credit: Stephen Shankland/CNET News)

"There's been an upsurge in ASCII spam in the last week...It's quite effective in getting through filters," said Chris Boyd, director of malware research at messaging management firm FaceTime Communications.

But earlier efforts to use ASCII art for spam have proven to be duds, he added. "The downside is that 9 times out of 10, it's completely useless because it's almost impossible to read, or it's a really bizarre picture of a naked lady that's not clickable," Boyd said.

Evasive maneuvers
Spam filters can detect the word "Viagra" and suspect Web addresses of sites trying to get rich quick by catering to the demand for the drug. But it's another thing altogether to detect an ASCII art version of the same word. Indeed, an ASCII art spam e-mail reading "Viagra-$1.15" and "Cialis-$1.99" made it past the spam filters of my Yahoo Mail and Gmail accounts.

Google declined to comment specifically on ASCII art spam. "We expect spammers to use every means possible to try to send spam. That's why we have a very robust spam-fighting effort at Google," the company said in a statement. Yahoo didn't respond to a request for comment.

Here's why it's clever. One line of the e-mail is "78 46 60 11 04 75 300 38 0348 18 61 55171"--gibberish that hardly resembles part of the word "Viagra" or a suspect URL. But reading it on my screen as part of the overall text, its meaning was clear to me in a flash. And a spam generation program could evade spam filter fingerprinting by randomly substituting other numbers into the text art.

Clever--but largely ineffective
The only trouble for spammers: the very reason the art spam is hard to screen out also makes it, well, somewhat impotent as a spam method.

The example spam I got, for example, didn't include any handy URLs I could click. There was a Web address in the ASCII art, but I'd have to type it in myself. But adding an active URL to a spam-affiliated site is likely to catch the attention of the spam filter.

"They've got this great idea for getting past the servers, but they don't seem to know how to employ it as effectively as they could," Boyd said. "Combining this with effective spam techniques might be more effective" for the spammers, he said.

Another problem: With the variety of fonts, computers, and e-mail-reading applications in use today, there are good odds ASCII art spam will look like gibberish to the human reader as well as to the spam-checking filter.

ASCII art in action
Here's an example of ASCII art from Joerg Seyfferth's ASCII text generator, one of many on the Internet.