
Comment-spammers threaten to sabotage their victims through Google Disavow if the evidence of their vandalism isn't removed

Tim got an email from someone trying to get rid of comment spam -- ever since Google started punishing sites that left comment spam on blogs, this has been going on a lot. When Tim told the guy to buzz off, he threatened Tim with sabotage by means of Google's "Disavow" tool, growing progressively more abusive as Tim stood his ground.


Orange UK plumbs the depths of insulting, stupid marketing, finds a new low


I had the above-reproduced SMS exchange with a bot from my horrible mobile phone carrier, Orange UK (now called "EE" after the high-pitched noise my incipient aneurysm makes whenever I have to deal with them, and because vowels) today. They have "good news" -- I have been subscribed to "special offers" from "great brands" via SMS. And I can opt out. Except, surprise, it takes three weeks to process these opt-outs.

Not sure what I should do apropos of any "great brands" who pay Orange to spam me in the runup to Christmas: maybe just name-and-shame them here? Any other ideas?

Rise of predatory, parasitic spambooks


Charlie Stross considers the confluence of bookspam; Turing-complete, Javascript enabled ebooks, and auctorial disappointment and posits a hostile ecosystem of parasitic ebooks who go around devouring the competition.


The Internet Police: How Crime Went Online, and the Cops Followed


Nate Anderson is one of my favorite Ars Technica writers -- always thorough and always evenhanded, but never shrinking from venturing an opinion or trying to put individual incidents in the context of the wider Internet. His new book, The Internet Police: How Crime Went Online, and the Cops Followed, is a brisk, eminently readable, and important history of the relationship between law, law enforcement, and the net, and as you'd expect, it's excellent.


Where Twitter spam-accounts come from

A pair of researchers -- one a grad student working at Twitter -- bought $5,000 worth of fake Twitter accounts (with Twitter's blessing) and developed a template for identifying spam Twitter accounts. The spammers were using cheap overseas labor to solve Twitter's CAPTCHAs, registering the new accounts with automatically created email boxes from Hotmail and Mail.ru, and spreading the registrations out across a range of IP addresses, courtesy of massive botnets of infected computers. Twitter nuked zillions of spam accounts and prevented new ones from signing up -- for a while. Quickly, the spammers adapted their tactics and went back to registering new accounts. The researchers, Kurt Thomas and Vern Paxson, presented their results today at Usenix Security DC, in a paper called Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse (PDF).

Update: Here's the full research team: "Kurt Thomas is a grad student at UC Berkeley who works at Twitter; Alek Kolz works at Twitter, Damon McCoy is a professor at GMU, Chris Grier is a researcher at ICSI and UC Berkeley and Vern Paxson is a lead researcher at ICSI and a professor at UC Berkeley."


Bestiary of unimportant envelopes that look important


The Evil Mad Scientist folks have compiled an annotated bestiary of junk-mail envelopes that are camouflaged to look like important correspondence. It's a fascinating study in meatspace spam.

Often times, these envelopes are quite well done. Above is an example that might cause a genuine double take — with its “FINAL NOTICE ENCLOSED” — and bank-PIN style tear tabs on the sides...

And then, there’s the fine print, so that you really take it seriously. A $2,000 fine or 5 years imprisonment(!) are threatened under §1702 should you fail to deliver this fine specimen of junk mail letter to its intended victim. (This penalty is true but somewhat misleading; the law refers to obstruction of mail in general, not this “final notice” in particular.)

Envelopes That Claim to be Important

Corporations are people, so the city of Seattle can't have an opt-out policy for spammy phonebooks no one wants


Jeff sez,

Seattle will spend $500,000 to settle a lawsuit it lost with phonebook companies over its sensible opt-out program for residents.

Beginning in May 2011, Seattle began allowing residents to opt out of unwanted phonebook deliveries. The program was so popular, the city reports that more than 2 million pounds of paper are saved annually as a result. The phonebook companies sued the city and lost, but won on appeal. The city has chosen not to appeal to the Supreme Court.

The phonebook companies alleged in their complaint that the phonebook ordinance 'denies [their] rights guaranteed by the First and Fourteenth Amendments to the United States Constitution' (free speech and due process). If not for the legal concept of 'corporate personhood', the phonebook companies wouldn't be able to sue Seattle to assert Constitutional rights originally written only for people.

Rather than ask the questions 'are the phonebook companies people?' and 'do they have the right to free speech?', the courts have focused largely on whether the content in the phonebooks (advertisements and phone listings) represents free speech, which can't be regulated, or commercial speech, which can be.

The companies claim, 'The First Amendment to the United States Constitution prohibits government from -- enforcing the desire of citizens to avoid communications [and] from prying into citizens' preferences regarding communications they seek to avoid.'

Corporate Personhood to Cost Seattle $500,000 to Settle Phone Book Lawsuit (Thanks, Jeff!)

(Image: Seattle Phone Book Spam, a Creative Commons Attribution (2.0) image from edkohler's photostream)

Music industry hates anti-spam laws

Michael Geist sez,

The business opposition to Canada's anti-spam and spyware legislation has added an unlikely supporter: the Canadian Recording Industry Association, now known as Music Canada. The organization has launched an advocacy campaign against the law, claiming that it "will particularly hurt indie labels, start-ups, and bands struggling to build a base and a career." Music Canada is urging people to tweet at Canadian Heritage Minister James Moore to ask him to help bands who it says will suffer from anti-spam legislation.

Yet Music Canada's specific examples mislead its members about the impact of the legislation. It wrongly claims that bands and labels won't be able to contact venues or stay in contact with fans. To top it off, the industry that introduced lawsuits against individuals for file sharing (CRIA members first commenced such actions in 2004) and brought us the Sony Rootkit debacle is now concerned with lawsuits against its own members for failing to abide by an anti-spam and spyware law.

Is the Road to Music Success Paved with Spam? Canada's Music Lobby Apparently Thinks So

YouTube confiscates 2 billion views from Universal and Sony

Universal and Sony Music have both had their YouTube view-counts and channels drastically cut by YouTube. A spokesman for YouTube was cryptic about the slashing, saying "This was not a bug or a security breach. This was an enforcement of our viewcount policy." The DailyDot repeats speculation from Black Hat World ("a forum where users trade tips about unethical search engine optimization tactics") where users have suggested that the entertainment giants got their ears pinned back after they were caught buying fake "likes" and "views" from a crooked botmaster.

Sony/BMG was the second largest sufferer, dropping more than 850 million views in one day, bringing its total number of views to a mere 2.3 million. RCA, which got off scot free by comparison, dipped 159 million views. Its tally now sits more modestly at 120 million views.

In addition, each label's YouTube archives are now surprisingly thin. UMG, which had long held a heavy hand in YouTube operations, now only boasts five videos on its YouTube channel, none of which are actual songs—and none of which last more than 1:23.

Sony's page, by comparison, is currently empty. The company did not respond to the Daily Dot's request for comment.

YouTube strips Universal and Sony of 2 billion fake views [Chase Hoffberger/Daily Dot] (via Reddit)

Spam kingpin chatter

Security researcher Brian Krebs picks some choice exchanges out of a dump from an elite Russian spammer message-board, and suggests that this contains clues to the identities of the world's most prolific spammers.

“Everything is all right with John. We drank with him recently in Europe. He is getting married soon. He is no longer spamming stocks. He got squeezed [arrested/questioned] once very badly some time ago. Now he is all clean. His friend – SP – screwed him and also is not working with stocks now. Rin is in total shit. He is going to be in jail (or he is going to be hiding) for a long time. He calls me pretty often, so he is alive so far. I am helping his wife with money from time to time.”

The two exchange recommendations about their favorite nightclubs in St. Petersburg, Russia. Tarelka inquires how Severa is doing, which elicits the following reply:

“I am okay. Damn, where to find sponsors? I am sure I can spin off stocks even in the current market. Are there any more contacts? Maybe I will ask Apple. Maybe he can give me some referrals. Who could think two years ago that this “theme” would die, huh? Give my regards to Igor [possibly Igor Gusev, the co-curator of SpamIt]. I wish you luck and patience.”

Tarelka says he tried to convince John/Apple that there was still money to be made in stock spam, but that John insisted the market was dead, and that no one was coming forward to pay spammers to send pump-and-dump spam anymore.

A Closer Look at Two Bigtime Botmasters

Kill robocalls, get paid

If you hate robocalls and love money, the FTC wants to hear from you. They're offering a $50K bounty for practical robocall-killing technology. Details at robocall.challenge.gov. Cory

Spam of the day

In reply:

UK Tories put a spam kingpin in charge of the party


Grant Shapps is the Conservative Member of Parliament for Welwyn Hatfield and the new co-chair of the UK Conservative Party. He's also co-owner (with his wife) of a spam factory called HowToCorp, which markets a product called TrafficPaymaster, a program that scrapes blogs/RSS/search results, runs the text through a thesaurus (seemingly to avoid copyright infringement charges) and pastebombs the resulting word-salad onto pages slathered in display ads, in the hopes of tricking search engines into returning them as results for highly ranked queries and racking up accidental click money.

Danny Sullivan explains the workings of "spinner" software like TrafficPaymaster, and documents the tricks that the Shappses' company uses to market its wares, including a web of aliases and elaborate, misleading accounts of how Google views products like TrafficPaymaster and its useless output (here's a sample of the material the Shappses' program outputs: "A free of charge golf swing lesson appears a very little as well superior to be accurate." Here's another: "So the to begin with phase to getting a quality golfer is to order some clubs that match you.")

It’s high-profile, of course, because it’s fairly hard to believe that the new co-chair of the UK’s ruling political party (mostly ruling, the Conservatives share power with the much smaller Liberal Democrat party) is behind software that “plagiarizes” content to spam Google.

Technically, I’m not sure if the spinning is plagiarism, but both UK papers I’ve mentioned are running with that angle. They’re also big on this quote posted on Warrior Forum that appears to be from the aforementioned Sebastian Fox:

Google may or may not like a particular approach, but the real question is whether there are any signs about how a page has been created. If the answer is no, well then it doesn’t much matter what Google officially thinks.

The Guardian cites that as if the quote is dismissive of “Google’s attempts to police the internet,” whereas The Telegraph suggests that it means “Google would be unable to stop the copying of websites.”

The reality is that the claim isn’t some type of gauntlet being thrown down against Google. It’s simply meant to reassure a prospective buyer of what I covered above, that Google probably can’t tell that the page was created using automation, so even if Google has official rules against that (it does), TPM users probably won’t get caught.

Danny finishes: "The Conservatives came under accusations that they were too close to Google earlier this year. Having the party run by someone who created, and still seems associated with, a business designed to help people spam Google probably will serve as a nice balance to that."

New UK Conservative Party Co-Chair Grant Shapps Founded Google Spamming Business

Your daily Twitter enema

Benjamin Jackson recommends daily efforts to kill the 'bots following you on Twitter, for the greater good: "consistently reporting real spammers does work. If you're older than 35 and it helps, you can think of it as picking up litter off the streets of the Information Superhighway." [Buzzfeed] Rob

Commercial spamflooding used by crooks to tie up their victims at key moments

Security expert Brian Krebs was the target of a malicious email flood, and writes firsthand about the experience. These floods -- which can be directed at any and all of your phone (voice or SMS) and email -- are used by crooks who want to busy-out all their victims' communications channels while they are ripping them off electronically. This kind of flooding is available as a (surprisingly cheap) commercial service.

Used mostly in private for myself and now offered to the respected public.

Spam using bots, having decent SMTP accounts.

Doing email floods using bots. Complete randomization of the letter, so the user could not block the flood by the signatures.

Flooder is capable of the following functionality:

Huge wave of emails is being instantly sent to the victim. (depending on the server load and amount of emails to be flooded)

Delivery rate of 60-65% — depending on the SMTP servers.

Limit for flooding single email account on this server is 100,000 emails.

Plan – Children – 25,000 emails — $25
Plan – Medium – 50,000 emails — $40
Plan – Hard – 75,000 emails — $55
Plan – Monster – 100,000 emails — $70

Cyberheist Smokescreen: Email, Phone, SMS Floods