Microsoft Wins $3.95 Million from Spammer
LehiNephi writes "A Washington, D.C. judge fined Daniel Khoshnood, a major spammer, for pretending to be Microsoft in order to attract customers. Specifically, he registered windowsupdate.com (not to be confused with windowsupdate.microsoft.com), then sent out mass email encouraging users to download a toolbar from that website. Although the suit was not specifically about spamming, the mass emails (and subsequent complaints) were what caught Microsoft's attention. So far, Microsoft's campaign against spam has netted them $54 million from six judgments, one dismissal, four settlements, and two bankruptcies. The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."
Re:I have to say... (Score:1, Informative)
Re:I have to say... (Score:5, Informative)
Other articles [theregister.co.uk] on this story say that the spammer used the domain windowsupdatenow.com, which is owned by [dnsstuff.com]:
Re:Am I my keeper's brother? (Score:5, Informative)
http://www.proxypot.org/ ?
They don't sue the people (yet), but they do try to get ISPs and LEAs interested in the evidence collected. Often the ISP approach succeeds. It is also useful to create a list of ISPs who will not act on abuse reports.
As a bonus, none of the spam that the spammers try to send through them reaches any victim.
For this approach "popular mail client" is meaningless. Spammers don't start with a list of mail servers, they start with the IP address space and go looking for abusable servers (for proxypots the abusable entities are open proxies.) What is run doesn't have to be a real MTA (or real proxy server), just look enough like one that the spammers accept it as one. For the cleverer spammers it is useful for it to look exactly like some historic abusable MTA, like many of the earlier versions of Sendmail. Whether you need to gear your attack to defeating the cleverer spammer isn't known, but it's probable that you can have a huge effect just by going after the dumbest spammers (that's a big group.)
It shocks me that (1) so many people don't know how spammers operate and (2) so many of those who do know (that is, recognize that spammers have to look for systems to abuse) never seem to be able to grasp the importance of that knowledge. It's like knowing a burglar favors basement windows but doing nothing to set a trap for a basement window burglar - just bitch about all the people with insecure basement windows. Stake out a few basement windows and some evening soon you may be face-to-face with the burglar. Stake out a few IP addresses and some time soon you may gather information that leads directly to the spammer's IP address. Poof! There went the supposed anonymity.
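The relay-trap idea from the comment above, as an added example that is not part of the original thread or of the proxypot project: a fake open relay that answers like an old MTA, accepts every recipient, delivers nothing, and records the connecting IP address for an abuse report. The hostname, banner text, class and function names, and the sample dialogue are constructed for illustration.

```python
HOST = "mail.example.test"                           # constructed hostname (assumption)
BANNER = f"220 {HOST} ESMTP Sendmail 8.9.3; ready"   # constructed old-Sendmail-style greeting

class RelayTrapSession:
    """One SMTP dialogue with a fake open relay: accept everything, deliver nothing."""
    def __init__(self, peer_ip):
        self.record = {"peer_ip": peer_ip, "helo": None, "mail_from": None,
                       "rcpt_to": [], "data_bytes": 0, "messages": 0}
        self.in_data = False

    def feed(self, line):
        """Take one client line (CRLF stripped); return the reply, or None inside DATA."""
        if self.in_data:
            if line == ".":                          # end-of-message marker
                self.in_data = False
                self.record["messages"] += 1
                return "250 2.0.0 Message accepted for delivery"  # it is only counted
            self.record["data_bytes"] += len(line) + 2            # +2 for the CRLF
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.record["helo"] = arg.strip()
            return f"250 {HOST} Hello"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.record["mail_from"] = arg[5:].strip().strip("<>")
            return "250 2.1.0 Sender ok"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            # A correctly configured MTA refuses foreign domains here; the trap never does.
            self.record["rcpt_to"].append(arg[3:].strip().strip("<>"))
            return "250 2.1.5 Recipient ok"
        if verb == "DATA":
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        if verb == "QUIT":
            return "221 2.0.0 closing connection"
        return "500 5.5.1 Command unrecognized"

def run_session(peer_ip, client_lines):
    """Replay client lines through a session; return (evidence record, server replies)."""
    session = RelayTrapSession(peer_ip)
    replies = [BANNER] + [r for r in map(session.feed, client_lines) if r is not None]
    return session.record, replies

# Constructed sample dialogue: a relay probe from a documentation-range IP address.
SAMPLE_DIALOGUE = ["EHLO probe.example.test", "MAIL FROM:<bulk@sender.example.test>",
                   "RCPT TO:<a@example.org>", "RCPT TO:<b@example.org>",
                   "DATA", "Subject: test", "", "hello", ".", "QUIT"]

if __name__ == "__main__":
    print(run_session("203.0.113.45", SAMPLE_DIALOGUE)[0])
```

Wired to a listening socket, `peer_ip` comes from the accepted connection, which is the piece of evidence the comment says ends the sender's supposed anonymity.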
Toolbar... (Score:5, Informative)
No but from this article [theregister.co.uk] on The Register:
"In reality, the toolbar loaded a utility called BrowserAid/QuickLaunch which bombarded users with random, unrequested pop-up ads."
Actually, they did... (Score:5, Informative)
Windows Update [windowsupdate.com] is owned by Microsoft - in fact, it is one of the URLs that the Blaster worm [symantec.com] DoS'ed.
According to this Register article [theregister.co.uk] that someone posted, the website that the spammer registered was windowsupdateNOW.com
Not really... (Score:2, Informative)
Re:Re-distribute the cash? (Score:3, Informative)
I would guess that the claim Microsoft's campaign against spam has netted them $54 million from six judgments is likely false. They may have been awarded $54 million, but collecting is always another matter. I would not be surprised if the total collected is just in the thousands. And that likely is less than the legal costs, meaning their net is probably a negative number.
Of course, that is pure speculation. I have no facts to back it up. But then again, this is /.
Re:The phony update site is still up. (Score:4, Informative)
The guy used windowsupdatenow.com for his toolbar. (It's in the article... nkay?)
Those who're running IE with active-X controls enabled should click on it... Perhaps get some more holes fixed :-)
Daniel Khooshnood (Score:2, Informative)
This guy uses obviously program-generated lists of emails to basically spam every possible email address in several popular domains - aol, hotmail, etc.
In case anyone wants to discuss his case,
His cell phone number is (or at least used to be) 818-516-3999.
His work phone number is (or at least used to be) 800-516-3999. I believe the phone was answered as "mainstream advertising".
His email was dk@global2000.com, but I doubt it's still the same.
I have a bigger grudge against DK than anyone. It is thrilling to hear of MS's victory in this case. It's nice to hear of them doing good for once!
Anyone else out there know him? I know from friends that I am far from the only person who he screwed over.