MySpace continues to wage a legal war on alleged spammers.
An arbitrator has ordered Media Breakaway and Chief Executive Scott Richter to pay the social-networking giant $4.8 million in damages and $1.2 million in legal fees, according to legal filings. The company's employees were also ordered to stay off MySpace.
News Corp.'s MySpace accused Media Breakaway and Richter, who has been accused of spamming consumers in the past, of launching phishing attacks and sending unsolicited messages to MySpace users. Representatives from Media Breakaway were not immediately available for comment.
Richter is a noted and controversial Internet marketer. Two years ago, he paid $7 million to Microsoft to settle a lawsuit that accused him of sending illegal spam. Microsoft originally sued for $20 million.
The $6 million award is a fraction of the $234 million that the courts ordered Sanford Wallace, the so-called spam king, to pay MySpace last month after he failed to mount any kind of legal defense. The anti-spam judgment is believed to be the largest so far under the 2003 Can-Spam Act.
"MySpace has zero tolerance for illegal activity on our site," MySpace said in a statement, "and is committed to bringing to justice those who try to harm our members."
The reason Richter is paying so much less is that the arbitrator said it was unfair to hold Media Breakaway responsible for all the wrongdoing of the site's affiliates. Media Breakaway has loose ties with companies or individuals that send traffic to sites owned by advertisers who pay Media Breakaway for the leads or sales, according to court documents.
MySpace has traditionally been an easy target. Spammers could hit thousands of "friends" with messages with little effort, the records show.
The arbitrator in the case noted that Media Breakaway has made efforts to comply with the law, such as making affiliates sign anti-phishing agreements. Some of the affiliates either ignored or were not aware of the agreements, the arbitrator wrote.
But the arbitrator also found that Media Breakaway's affiliate managers were "deficient or that on more than a few occasions...consciously condoned and encouraged unlawful spamming activities."
Yahoo has filed suit against unnamed "lottery spammers" who tried to fool people into thinking that they won a prize from Yahoo so they'd share passwords, credit card numbers, or other sensitive information.
The Internet company on Tuesday said it filed the suit in the U.S. District Court for the Southern District of New York, citing the Federal Trademark Act, the Can-Spam Act, and related state laws.
"The unauthorized use of Yahoo's trademarks is misleading, fraudulent, and has actually confused, misled, and deceived the public," Joe Siino, Yahoo's senior vice president for global intellectual property and business strategy, said in a statement.
According to Barracuda Networks, 90 percent to 95 percent of e-mail sent in 2007 was spam. Phishing, one activity associated with spam, involves sending e-mail masquerading as authentic messages designed to fool users into parting with personal information.
Social-networking site MySpace.com has won a $234 million antispam judgment, according to the Associated Press.
On the losing side of the award--believed to be the largest ever under the 2003 Can-Spam Act--were defendants Walter Rines and Sanford Wallace, the so-called spam king. MySpace won the case against Wallace after he failed numerous times to turn over documents or show up for court.
"MySpace has zero tolerance for those who attempt to act illegally on our site," MySpace Chief Security Officer Hemanshu Nigam told the AP. "We remain committed to punishing those who violate the law and try to harm our members."
In March of last year, MySpace filed suit against Wallace, alleging he launched a phishing scam to fraudulently access MySpace profiles. Wallace was also accused of spamming thousands of MySpace users with unwanted advertisements and luring them to his Web sites.
MySpace said Wallace and Rines sent 735,925 messages to MySpace members. Under the Can-Spam Act, each violation entitles MySpace to $100 in damages, tripled when conducted "willfully and knowingly," according to the report.
Wallace has previously been sued by the Federal Trade Commission and companies such as AOL and Concentric Network. In May 2006, Wallace and his company Smartbot.net were ordered by a federal court to turn over $4.1 million.
Wallace earned the nicknames "Spamford" and "spam king" for his past role as head of CyberPromotions, a company responsible for sending as many as 30 million junk e-mails a day in the 1990s.
A "serious security flaw" in Gmail turns Google's e-mail service into a spamming machine, according to a recent security report.
INSERT, the Information Security Research Team, has created a proof of concept that exploits the "trust hierarchy" that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mails through Google's SMTP service, bypassing Google's 500-address bulk e-mail limit and identity fraud protections.
The report notes that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because Gmail falls into the trusted-whitelist category, messages are allowed "carte blanche" to bypass spam filtering.
INSERT's report notes that no extraordinary Internet expertise is necessary to exploit the flaw:
In this regard, this document presents a vulnerability report and a proof-of-concept attack that demonstrate how anyone with no special Internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail account in order to be granted nearly unrestricted access to Google's massive whitelisted SMTP relay infrastructure.
Google has offered no official comment on the report.
This isn't the first Google tool to appeal to spammers. In April, my colleague Elinor Mills reported that spammers were now using Google Calendar.
Sanford Wallace, the so-called spam king, has often been accused of sending annoying messages that are typically ignored by the recipient. Perhaps he considered a series of court orders as something he could blow off.
If he did, he was wrong. MySpace has won a legal judgment against Wallace after he failed numerous times to turn over documents or even to show up for court, according to records obtained by CNET News.com.
In March of last year, MySpace filed suit against Wallace alleging he launched a phishing scam to fraudulently access MySpace profiles. Wallace was also accused of spamming thousands of MySpace users with unwanted advertisements and luring them to his Web sites.
To say Wallace, who could not be reached for comment, failed to mount a vigorous defense would be an understatement.
According to records filed on April 15 with U.S. District Court in the Central District of California, Wallace was ordered numerous times to turn over documents requested by MySpace and provide a deposition. A MySpace representative did not respond to an interview request.
Each time, MySpace waited and each time Wallace failed to comply. Early on, Wallace informed MySpace he was having a hard time finding legal counsel. Soon after, he said he couldn't comply because he was unaware of his court dates; he wasn't accepting mail or signing for packages and that's why he missed receiving notifications.
The court did not accept his reasons as a valid excuse, but continued to give him chances to comply. Nothing worked. After Wallace continuously failed to appear or respond to filing deadlines, the court issued a default judgment against Wallace.
"It is...a defendant's responsibility to respond to discovery, obey court orders, and avoid dilatory tactics," the court wrote in its order. "Taking all of the above factors into account, a default is appropriate. The court finds that Wallace's noncompliance is due to willfulness, fault, or bad faith...Wallace has had every opportunity to avoid the sanction of default. (He) has never provided any explanation for his behavior to the court."
By now, Wallace should know his way around a courtroom.
He has been sued by the Federal Trade Commission and companies such as AOL and Concentric Network Corp. In May 2006, Wallace and his company Smartbot.net were ordered by a federal court to turn over $4,089,500.
CNET News.com's Declan McCullagh contributed to this report.
SAN FRANCISCO--It's no secret that spam now pollutes Web sites as well as e-mail in-boxes. But Web site operators can take actions to combat it, a Google expert in the area said Friday.
Matt Cutts, Google's lead engineer for combating Web spam, at the Web 2.0 Expo
(Credit: Stephen Shankland/CNET Networks)Matt Cutts, head of Google's Webspam team and an engineer who's been working on the problem for eight years, offered some tips about combating it during a speech at the Web 2.0 Expo here.
"Spammers are human," Cutts said. "You have the power to raise their blood pressure. Make them spend more time and effort...If spammer gets frustrated, he's more likely to look for someone easier."
How? Forthwith, some tips for those who manage their own or others' Web sites.
• Use captcha systems to make sure real people, not bots, are commenting on your site. He uses a simple math puzzle--what's 2 + 2?--but he also likes KittenAuth, which makes people identify kitten photos.
One blogger merely requires people to type the word "orange" into a field. "The vast majority of bots will never do that," Cutts said.
• Reconfigure software settings after you've installed it. A little modification of various settings will throw bots off the scent. "If you can off the beaten path, away from default software installations, you'll save yourself a ton of grief," he said.
• Employ systems that rank people by trust and reputation. For example, eBay shows how long a person has been a member and how satisfied others are with transactions with that person.
• Don't be afraid of legitimate purveyors of search-engine optimization services. "SEO is not spam. Google does not hate SEO," Cutts said. "There are plenty of white-hat SEO (companies) who can help you out."
Registering your Web site at Google's Webmaster Central site can help find bogus search-engine optimization tricks others may use on your site, such as keywords written in white text on white backgrounds, he added.
Spammers are now using Google Calendar, according to the SANS Internet Storm Center (ISC).
"Every once in a while I see a new spamming method. This one came from (Google Calendar)...as a meeting invite," writes Donald Smith of the ISC. "I deleted the e-mail, but due to my preferences in Exchange it appeared in my calendar anyways."
The text of the meeting invite was in French from someone at the International Clearing House West Africa-Benin, and promised $1.2 million in exchange for paying a $150 nonresident tax.
Spammers always have been early adopters.
News recently broke that Russia is requiring registration for Wi-Fi use. I had forgotten until I checked into my hotel in Moscow tonight, and had the bother of having to go to a special desk in the lobby to sign up.
Reading the agreement, it sounds like this is an antispam measure? Seems a bit like the guns debate in the U.S. I doubt many of the spam kings and criminals that would be affected by it are going to register...
Russian Wi-Fi Agreement
(Credit: Matt Asay)The battle for your in-box shows no signs of waning.
Despite the efforts of software companies large and small, spammers and phishers continue to find and exploit weaknesses in junk-mail filters at the server and client levels. After years of foil and parry between these two forces, you would think that Microsoft Outlook, the most widely used e-mail program in the world, would be a paragon of in-box defenses.
Then again, this is Microsoft we're talking about, a company not noted for being the paragon of anything more than profitability.
A few years back, Service Pack 2 for Office 2003 added phishing filters for Outlook that move suspicious messages to your Junk E-mail folder automatically and turn off links in the messages. Outlook 2007 was released about a year-and-a-half later with only a few new junk-mail defenses. In fact, the Junk E-mail Options screens of the two versions are nearly identical.
The junk e-mail options in Outlook 2003 don't offer many options.
(Credit: Microsoft)
The only difference between the Junk E-mail Options in Outlook 2007 and its predecessor are the bottom two options.
(Credit: Microsoft)In the past, I have created a series of Outlook rules to stem the flow of junk to my in-box. The process is straightforward though somewhat time-consuming: Click Tools > Rules and Alerts > New Rule, and step through the Rules Wizard. You can also right-click a message you want to base the rule on and choose Create Rule, and then either make your selections, or click Advanced Options to open the Rules Wizard.
If you find yourself spending an inordinate amount of time dealing with junk e-mail, your best solution is a third-party spam and phishing filter. There are lots of free versions available for download, but the freebies either require too much work on your part to make them effective, or they work with only a single mail account, place text ads on your outgoing messages, or come up short in some other way.
Your best bet may be to bite the bullet and pay for a commercial junk-mail filter. My favorite is one that has been around for a long time: Cloudmark Desktop, which comes in versions for Outlook and Outlook Express, as well as for Mozilla Thunderbird. The program is available for a 15-day free trial. A one-year subscription for two PCs costs $40 (multiple licenses and volume discounts are available).
Cloudmark adds a toolbar to Outlook that lets you scan a folder for junk with a couple of clicks. It places spam and phishing attempts in a Spam folder and lets you block and unblock mail from specific senders. The program works quickly: It scanned a folder with more than 2,000 messages in just a couple of minutes, and I didn't notice any slowdown when I sent and received mail.
The Cloudmark Desktop junk-mail filter adds a toolbar to Outlook that lets you scan a folder for spam, and block or unblock specific senders.
(Credit: Cloudmark)You get more control over how junk mail is treated via the program's Options menus, which let you scan for junk selectively rather than automatically, and change the location of your junk-mail folder. You can choose to delete the junk immediately, after a week, or after a month. Your Outlook contacts can be added to your trusted list with a single click, and you can see how many messages have been checked, how many were identified as spam automatically, and how many spam and phishing messages you've blocked.
Cloudmark Desktop's options let you change the folder your junk mail is stored in, and decide when to delete the junk.
(Credit: Cloudmark)When you're ready to get serious about locking spammers and phishers out of your Outlook in-box, Cloudmark is ready to do the heavy lifting.
Monday: simple ways to speed up Windows shutdowns.
An online advertising company accused of luring customers with deceptive offers of "free" iPhones, laptop computers, plasma televisions, and other goods has agreed to pay a record $2.9 million fine as part of a settlement with the Federal Trade Commission.
According to a federal court filing (PDF) released Monday, since at least early 2005, Westlake Village, Calif.-based ValueClick and its subsidiary Hi-Speed Media have been attempting to lure consumers to their Web sites through e-mails and Web-based ads bearing slogans like "Free PS3 for survey" or "let us buy you a 42 inch plasma tv! Just type in your zip code." The purpose of those operations was "lead generation"--that is, connecting consumers with advertisers trying to sell certain goods or services, the FTC complaint said.
Trouble is, the companies didn't disclose "clearly and conspicuously" that, in reality, the offers weren't exactly free, the FTC charged. Instead, consumers were required to fulfill certain obligations or incur various other expenses--for instance, applying for car loans or credit cards--in order to qualify for those goods. In addition to allegedly running afoul of a broader law prohibiting unfair and deceptive practices, the FTC said that misleading subject lines in those e-mails violated the 2003 Can-Spam Act, which regulates distribution of bulk e-mail.
The alleged violations didn't stop there: The companies also gathered sensitive credit card and financial information but did not encrypt that data in a way that's consistent with industry standards or take other steps to protect it from hackers--even though they claimed to do otherwise, the FTC said.
The charges resulted in the largest settlement amount the FTC has reached under Can-Spam, the agency said in a statement. Until Monday's announcement, the FTC's highest settlement under Can-Spam occurred in March 2006, when a company called Jumpstart, which allegedly sent misleading e-mails offering free movie tickets,
It was also the FTC's third case targeting "deceptive promises of free merchandise" by Internet lead generation enterprises. In a case last November, a company called Adteractive, which allegedly lured customers to its Web sites with promises of "free gifts," agreed to pay $650,000 in civil penalties as part of an FTC settlement.
In addition to the monetary payout, ValueClick is required to make clear disclosures about what its customers must do in exchange for the free products. It also must establish and maintain a "comprehensive security program" for protecting personal information, subject to mandatory "independent third-party" reviews, for 20 years.
ValueClick apparently knew the settlement was coming more than a month ago. At that time, it released a statement saying it expected the $2.9 million charge, although, as is the norm in these arrangements, it did not concede it had violated any laws. The company also said the FTC complaint referred only to "past practices" of its Hi-Speed Media subsidiary and not other portions of its company.
Before becoming official, the settlement is subject to approval from a federal district judge in California.
