Microsoft Wins $3.95 Million from Spammer

LehiNephi writes "A Washington, D.C. judge fined Daniel Khoshnood, a major spammer, for pretending to be Microsoft in order to attract customers. Specifically, he registered windowsupdate.com (not to be confused with windowsupdate.microsoft.com), then sent out mass email encouraging users to download a toolbar from that website. Although the suit was not specifically about spamming, the mass emails (and subsequent complaints) were what caught Microsoft's attention. So far, Microsoft's campaign against spam has netted them $54 million from six judgments, one dismissal, four settlements, and two bankruptcies. The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."

Re-distribute the cash?

[FyRE666]

Obviously it'll never happen, but it would be nice if all the proceeds of these victories against the scumbags were given to anti-spam projects and organisations to develop more robust hosting (to deflect spammer/virus author DDOS attacks) and improve the filtering software. It would also really annoy the spammers to see such projects getting massive cash injections ;-)

I recently added rbl support (spews and spanhaus), spamassassin and the mimedefang milter to our company incoming mailserver and it's REALLY making a difference! Since I have a corpus from hundreds of people too, the bayesian side is already extremely good. It still lets the odd scam through, but being a company I can't afford to block anything by accident.

Re:This is helping them more than most of their pr

[Vlad_the_Inhaler]

While I have not RTFA here (hell, this *is* /.), I would also have tended to want to side with the Redmond lot on this one.

Registering a website with that name so he could send spam, he deserved all he got. What Microsoft do with the money is another matter.

This is an example of what I would consider fair use [microsith.com]. Not sure that they have updated it in the last 10 years though :-)

Re:This is helping them more than most of their pr

[Anonymous Coward]

I highly doubt that microsoft would see much more than a few thousand dollars of that $54 million. It is just a number to possibly scare off any large companies who may try to do the same thing. They may now stop seeing that a ruling against them could bankrupt their company.

So what?

[Saeed al-Sahaf]

Like all fines that criminals get, this one will make little difference, and Microsoft will never collect.

These law suites are good for victim satisfaction, but will not stop spammers, and in both the large and small of things really have no effect at all on spam.

cash?

[davids-world.com]

i am wondering if that means that M$ is actually getting those 3.5 million bucks from him, or more than 50m$ from all the spammers.

Did the guy keep a couple of millions in the attic, just in case? Or is he broke, struggling to pay his lawyers..?

Re:Well, now we know why they're interested

[Zocalo]

How did this spammer, or any other spammer, directly hurt Microsoft?

Well Microsoft does get to pay Hotmail's bandwith bills, email storage costs, and employ people to deal with abuse reports? Don't forget that they also get to deal with all the spam that is undeliverable, bounced, or dropped by user's filters etc. Per individual spam, Microsoft may well be paying less than a recipient, but there is definitely a very real price tag attached.

Unfortunately however, under CAN-SPAM, only ISPs and not end-users can use the legislation to go after spammers through the courts. As the owner and operator of Hotmail that would naturally include Microsoft. Of course, the statement that the actions has "netted them $54 million" means the courts have awarded them that much, they will actually see far less of it than that.

It would certainly be nice if Microsoft (and others in a similar position) would make at least a token contribution to the anti-spam groups out there. Spamhaus [spamhaus.org] operates almost entirely on contibutions and sponsorships, Spamcop [spamcop.net] has a legal defence fund, Spam Assassin [apache.org] is now under the auspices of the Apache Foundation... the list goes on.

Re:How do we feel?

[Biogenesis]

A house can not survive if it is divided within itself, only good can come of this.

Someone was also using exploits in their name

[Greyfox]

My room mate put a fresh windows install on the Net and had the RPC service exploited within minutes, with a dialog directing her to that site to pay for an "update" which would "fix the problem." It also installed a variant of some worm or other with some nasty back doors, which subsequent virus scanning and firewalling took care of. Nice to see Microsoft nail this asshole's hide to the wall, even if it's just a tiny grain of sand in the beach.

Well....

[CrazyTiger]

Microsoft is overreacting.I don't care if they hate canned meat,that doesn't mean they can sue those who make it.Next thing you know,they'll be suing grocery stores for selling Macintosh apples!

*mumble*Idiotic food bigots*mumble*

Two faced...?

[Whatthehellever]

Ya know, as much as the /. community dosen't like Microsoft empire for one reason or another, this is one victory we can all applaud.

Strange, isn't it?

Re:Not really...

[betelgeuse-4]

Yes, but would those costs also exceed the money for 10,000 domain names + $3.95million. Also, they have to be the right 10,000 domain names. If they miss just one that's close enough to the real thing, a scam site could still be set up and the lawsuit option would be required. How much does it cost to work out the thousands you need to register and be confident you haven't left any out? You get customers who will be tricked into getting their 'updates' from fortunecity.com/members/microsoft/ or 80.123.45.67, their good will will be lost and lawsuits will be required.

Re:Actually, they did...

[WuphonsReach]

bloody annoying, as I typo that from time to time at work, when building PCs. We don't build them often enough to justify mucking about with an internal mirror.

Which is a good argument for companies to use sub-domains rather then registering top-level domains willy-nilly.

It's a lot harder to get hijacked if you mistype "windowsupdate.microsoft.com" as "windows-update.microsoft.com". So long as Microsoft maintains careful control over their top level DNS server.

It's just a pet peeve of mine from the Internet "gold rush" days where every application from a single company suddenly got it's own top-level domain. When configuring whitelists (e.g. adding sites to the trusted zone in Internet Explorer, or other apps), it's a lot nicer to be able to say "*.intuit.com" rather then having to deal with "*.inuit.com", "*.quicken.com", "*.turbotax.com".

Sure, if you want to register "*.quicken.com", that's fine, but it should've redirected to "quicken.intuit.com".

(sorry, just venting)