By Stefanie Hoffman, ChannelWeb - May. 14, 2008

Social networking giant MySpace was awarded an unprecedented $230-million judgment that concluded a lawsuit against "Spam King," Sanford Wallace and his partner Walter Rines in a landmark decision announced Monday afternoon in a Los Angeles federal court.
U.S. District Judge Audrey Collins handed down the landmark decision after the notorious spam team failed to appear in court. Collins imposed $157.4 million in damages against both Rines and Wallace and an additional $63.4 million against Rines under the 2003 CAN-SPAM Act.

In addition, Collins awarded MySpace $1.5 million against the duo under California's anti-phishing law, as well as $4.7 million in attorney fees, and issued injunctions that prohibit further spamming activities in the future.

"MySpace has zero tolerance for those who attempt to act illegally on our site," said MySpace's chief security officer, Hemanshu Nigam in a written statement. "We remain committed to punishing those who violate the law and try to harm our members."


Spotted here

Despite Warnings, More Consumers Fall Victim to Cyber Scams
Law enforcement barely makes a dent in crooks' efforts
»www.consumeraffairs.com/news04/2···ps.html
May 1, 2008

Law enforcement has hardly made a dent in criminals' efforts to use the Internet to rip off consumers and steal their identities.

According to the latest Internet Crime Complaint Center data, nearly $240 million of individual losses from Internet fraud were reported to the FBI in 2007, an all-time high and a 20 percent increase since 2006.

More at link.

Back in early February, we covered the rapid rise of the Mega-D botnet and its various social-engineering-based attack methods. At the time, there was some question as to what malware was behind the creation of Mega-D (it has since been identified as Ozok), and no definite time frame as to when the botnet might be shut down. Now, according to security firm Marshal, Mega-D's profile is shrinking, thanks to a 10-day control server failure, but another botnet, Srizbi, is quickly moving into the gap.

»arstechnica.com/news.ars/post/20···pam.html

By Eric Bangeman | Published: March 16, 2008 - 11:01PM CT

Spamming can pay big bucks, but it hasn't paid off for a Seattle man who was once considered the eighth-largest spammer in the world by Spamhaus. Robert Soloway, 28, pleaded guilty to electronic mail fraud, "snail" mail fraud, and not filing a tax return in 2005—when he reportedly made over $300,000 from his spamming activities.

Criminals have assembled a huge database of hacked FTP server logins belonging to some of the world’s leading companies, a security company has revealed.

Finjan said it had stumbled upon a database containing account usernames, passwords and server addresses for a staggering 8,700 FTP servers, many of which were being used by US Fortune 100-level enterprises........

»www.techworld.com/security/news/···amechan

Fans who click on malicious links, explained Wilson, would be "led to a search engine optimised keyword-riddled page" and then automatically redirected to another site that requires users to download a "new version of ActiveX object".

»www.zdnet.com.au/news/security/s···9,00.htm

The United States' tax-collecting agency, the Internal Revenue Service, warned security experts on Wednesday that fraudsters have increasingly targeted tax payers using phishing attacks that masquerade as messages from the IRS.

more at securityfocus.com

by Robert Vamosi
Whenever you type an address into an Internet browser, that address is instantly resolved into the site's numerical Internet address by a DNS server located somewhere in the world. On Tuesday, Symantec announced that online criminals have started to remotely redirect your home network router's DNS server so that whenever you type in a financial institution or other trusted site, your browser will instead be redirected to a bogus or phishing Web site.

WEDNESDAY, JANUARY 9, 2008

WASHINGTON – A Colombian citizen pled guilty today to a 16-count indictment involving a complex computer fraud scheme victimizing over 600 people, Assistant Attorney General Alice S. Fisher of the Criminal Division and U.S.

The January State of Spam report shows that as 2007 ended, spam surged and accounted for 75 percent of all email, increasing to 83 percent in the last few days leading up to the holiday season.

more at securityfocus.com

Phishing e-mails that contain a Trojan horse designed to infect users' computers will continue to increase in 2008, comprising more than one-in-three malicious e-mail attachments, Microsoft said on Thursday.

more at securityfocus.com

U.S. Secret Service agents escort her, for her safety.

Phishing attacks in the United States soared in 2007 as $3.2 billion was lost to these attacks, according to a survey by Gartner, Inc. The survey found that 3.6 million adults lost money in phishing attacks in the 12 months ending in August 2007, as compared with the 2.3 million who did so the year before.

more at gartner.com

We've observed some adult spam in disguise. The usual adult spam that we see is simple text with links and adult phrases that make it quite obvious what it is. The mutation that we've recently observed includes an email that has two parts -- HTML and plain text -- where the plain text portion looks completely legitimate and in fact is a portion of a legitimate newsletter of some kind. However, the headers make it apparent that it is not from the legitimate company.

more at securityfocus.com

Attachments now spread botnet-creating malware
By: Cara Garretson (Network World) 02/11/2007 05:34:50
Source: PC World

PDF spam, the nuisance that flooded inboxes in early August and then quickly disappeared, is back and worse than ever.
According to multiple threat researchers at security vendors, tens of thousands of spam messages were blasted out last week with attached PDF files, which infect the recipients' PCs when viewed. The subject lines of the new crop of PDF spam are finance-related, according to security vendors, using phrases designed to get the recipient's attention such as "your credit report." These e-mails contain no text, simply the attachment.

»www.cnn.com/2007/US/11/02/wildfi···topnews

The Internal Revenue Service is warning Americans about an e-mail hoax that claims to be from the tax agency and asks for donations for wildfire victims.

Anyone who clicks on the donation link is taken to a fake Web site that asks for the person's bank account numbers.

By CHRISTOPHER S. RUGABER, AP Business Writer
Thursday, November 1, 2007
From The Associated Press


WASHINGTON, (AP) --
The federal agency that fights Internet scams and spam is caught in the middle of an effort to fool e-mail recipients.
The Federal Trade Commission warned this week that scammers are behind messages from the phony address of "frauddep(at)ftc.gov."
The e-mails claim that a has been filed with the FTC against the e-mail's recipient. An attachment to them includes a virus that, if opened, will install a program that can steal passwords and account numbers from receiving computers.

It was Fred Tracomm's lucky day. Two checks came in the mail to a Chicago office -- one for $4,000 and the other for $4,000.50.

By: Tim Brust

If you are a victim of an Internet scam or reporting suspected criminal activity on the Internet, you might file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center based in Fairmont, W.Va.

John Hambrick, a Marietta native, has been the head of that unit for the past year and a half.

Question: What does the internet Crime Complaint center do?

Full story: The Marietta Times [Ohio]

By Cara Garretson
Source: ComputerWorld


Carnegie Mellon University is researching the best ways to educate email users about the dangers of phishing, such as how to distinguish the URL of a fraudulent website from a legitimate one. Not exactly rocket science...or is it?

The Pittsburgh-based university has scientists and graduate students working on research to determine, in essence, how to get through to email users. Early results of a recent study show that users need to fall for phishing first in order to become aware enough to educate themselves against this form of fraud.