Microsoft Wins $3.95 Million from Spammer

LehiNephi writes "A Washington, D.C. judge fined Daniel Khoshnood, a major spammer, for pretending to be Microsoft in order to attract customers. Specifically, he registered windowsupdate.com (not to be confused with windowsupdate.microsoft.com), then sent out mass email encouraging users to download a toolbar from that website. Although the suit was not specifically about spamming, the mass emails (and subsequent complaints) were what caught Microsoft's attention. So far, Microsoft's campaign against spam has netted them $54 million from six judgments, one dismissal, four settlements, and two bankruptcies. The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."

I have to say...

It seems rather dumb of MS not to have registered windowsupdate.com in the first place.

Re:I have to say...

yep, thats what I was saying, but now it belongs to them.. so I guess alls well that ends well :)

Re:I have to say...

Most companies probably don't want to go down the route of registering all the keywords related to their business to stop third parties abusing the fact that the words are well known and recognised. If they did then scammers would use mispellings and 1337 variations, it could cost quite a bit to register all of them. For MS it's possibly easier to take just to take legal action when abuses do occur.

Re:I have to say...

"For MS it's possibly easier to take just to take legal action when abuses do occur."

At $8 bucks a domain, MS would have been ahead to register those domains compared to the cost of one court case.

On the other hand, though, they did send a message to other domain squatters out there. Like or hate MS, that was a good move.

Re:I have to say...

I'm not at all surprised by that, considering that Microsoft can't even remember to register their own domain names [theregister.co.uk] ;-)

Re:I have to say...

This article seems to be mistaken. The domain ownership for windowsupdate.com, according to NSI (no link to their evil whois-substitute), is:

Microsoft Corporation

Carolyn Gudmundson
One Microsoft Way
Redmond, WA 98052
US

Other articles [theregister.co.uk] on this story say that the spammer used the domain windowsupdatenow.com, which is owned by [dnsstuff.com]:

Windowsupdatenow

8975 hoello
brazil city, brazil none
BR

Re:I have to say...

Registering a domain name is negative money. Letting someone else register it and then suing them is positive money. You might even be able to get the domain thrown in with the settlement.

Actually, they did...

Windows Update [windowsupdate.com] is owned by microsoft - in fact, it is one of the URL's that the blaster worm [symantec.com] DOS'ed.

According to this register article [theregister.co.uk] that someone posted, the website that the spammer registered was windowsupdateNOW.com

Re-distribute the cash?

Obviously it'll never happen, but it would be nice if all the proceeds of these victories against the scumbags were given to anti-spam projects and organisations to develop more robust hosting (to deflect spammer/virus author DDOS attacks) and improve the filtering software. It would also really annoy the spammers to see such projects getting massive cash injections ;-)

I recently added rbl support (spews and spanhaus), spamassassin and the mimedefang milter to our company incoming mailserver and it's REALLY making a difference! Since I have a corpus from hundreds of people too, the bayesian side is already extremely good. It still lets the odd scam through, but being a company I can't afford to block anything by accident.

Re:Re-distribute the cash?

"Microsoft has recently won a large lump sum of money from a spammer, and is redistributing the money to customers who may have been affected by his spam. In order to claim your money, forward this email to ten of your closest friends within the next 15 minutes"

"Microsoft Wins $3.95 Million"

Talk about conflicted. I'm not sure who to root for. Did the spammer use Linux?

A victory is always a victory...

...even if its for Microsoft. Personally, I would prefer that the money would go to, say, Spamhaus, for giving us the XBL and the SBL.

heh

I am glad this was the final judgement. This website caused me some grief having to fix up my parent's computer and get them hooked up to a new email address. Anyone know if MS has said they will give the winnings to a charity?

How do we feel?

So, what do you do when evil is fighting evil?

The secret formula!

1. Write a popular mail client which automatically executes arbitrary code.
2. Sue the people who hijack PCs via the above mentioned mail client.
3. Profit!

The enemy of my enemy is my friend...
I feel confused.

Re:The secret formula!

What the hell are you talking about? If you'd bothered to open up the article and, you know... READ it, you'd see that 1) they "profited" because this idiot registered a domain name in violation of their trademark and 2) there was no hi-jacking - the moron "victims" had to download the toolbar entirely of their own cognition.

I don't know what this has to do with any mail client other than the fact that the guy happened to be sending e-mails for his little scam...

Re:Am I my keeper's brother?

It's unclear what you mean, but have you seen:

http://www.proxypot.org/ ?

They don't sue the people (yet), but they do try to get ISPs and LEAs interested in the evidence collected. Often the ISP approac succeeds. It is also useful to create a list of ISPs who will not act on abuse reports.

As a bonus, none of the spam that the spammers try to send through them reaches any victim.

For this approach "popular mail client" is meaningless. Spammers don't start with a list of mail servers, they start with the IP address space and go looking for abuable servers (for proxypots the abusable entities are open proxies.) What is run doesn't have to be a real MTA (or real proxy server), just look enough like one that the spammers accept it as one. For the cleverer spammers it is useful for it to look exactly like some historic abusable MTA, like many of the earlier versions of Sendmail. Whether you need to gear your attack to defeating the cleverer spammer isn't known, but it's probable that you can have a huge effect just by going after the dumbest spammers (that's a big group.)

It shocks me that (1) so many people don't know how spammers operate and (2) so many of those who do know (that is, recognize that spammers have to look for systems to abuse) never seem to be able to grasp the importance of that knowledge. It's like knowing a burglar favors basement windows but doing nothing to set a trap for a basement window burglar - just bitch about all the people with insecure basement windows. Stake out a few basement windows and some evening soon you may be face-to-face with he burglar. Stake out a few IP addresses and some time soon you may gather information that leads directly to the spammer's IP address. Poof! There went the supposed anonymity.

A suggestion

As one of those who reported this to Microsoft, perhaps I should get some of the settlement? Don't suppose that's likely though...

So what?

Like all fines that criminals get, this one will make little difference, and Microsoft will never collect.

These law suites are good for victim satisfaction, but will not stop spammers, and in both the large and small of things really have no effect at all on spam.

This has very little to do with spam.

While I think it's great that yet another "identity thief" (sort of) has been busted, this does little to stem the flow of spam. What we truly need are more cases that are strictly based on the sending of unsolicited commercial e-mail. We've got some great [spamlaws.com] and not so great [spamlaws.com] legislation out there to protect us... why aren't we using it? Because it costs too much [theregister.co.uk]?

And yes, I know that there have been a few [theregister.co.uk] landmark [theregister.co.uk] cases [cbronline.com] recently, but a few big falls aren't going to convince spammers as a whole to stop spamming. An concerted effort to shut them down via thousands of small lawsuits from you and I would be much more likely to have an effect, in my humble opinion.

Hmmmm, does this mean....

....that the linux community can do the same?

cash?

i am wondering if that means that M$ is actually getting those 3.5 million bucks from him, or more than 50m$ from all the spammers.

Did the guy keep a couple of millions in the attic, just in case? Or is he broke, struggling to pay his lawyers..?

Slashdot MS Borg icon

Wow with all the "How should we feel?" questions, I'm suprised its microsoft with the Borg icon.

/. moral dilemma

In other news, SCO wins $699 from Satan, Lord of Lies.

Yep.

Microsoft wins settlement

"In normal times, evil should be fought by good, but in times like this, well, it should be fought by another kind of evil." ..Come on, I had to.

I actually feel a little nauseous.

Microsoft... and LAWSUITS.. and... sweet Jesus. This is a good thing!?

I feel the same way I would if Osama Bin Laden gave me a preview copy of Half Life 2 - conflicted and bewildered.

Wow, I misread the title as...

"Microsoft Wins $3.95 from Spammer" Darn those cheap spammers!

Someone was also using exploits in their name

My room mate put a fresh windows install on the Net and had the RPC service exploited within minutes, with a dialog directing her to that site to pay for an "update" which would "fix the problem." It also installed a variant of some worm or other with some nasty back doors, which subsequent virus scanning and firewalling took care of. Nice to see Microsoft nail this asshole's hide to the wall, even if it's just a tiny grain of sand in the beach.

Well....

Microsoft is overreacting.I don't care if they hate canned meat,that doesn't mean they can sue those who make it.Next thing you know,they'll be suing grocery stores for selling Macintosh apples!

*mumble*Idiotic food bigots*mumble*

Toolbar...

The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches.

No but from this article [theregister.co.uk] on The Register:

"In reality, the toolbar loaded a utility called called BrowserAid/QuickLaunch which bombarded users with random, unrequested pop-up ads."

Two faced...?

Ya know, as much as the /. community dosen't like Microsoft empire for one reason or another, this is one victory we can all applaud.

Strange, isn't it?

That sound you hear...

... is that of thousands of Slashdotter heads simultaneously exploding.

when will we take security seriously?

This stuff is partially the fault of the big companies. In this case MS has been harking on users for years that they must update computer the minute patches come out. They harangued customers that did not properly update machines, blaming such customers for all problems. However, they have only recently given consumers the tools needed to easily update their machines, and then only if the customer has broadband. This left a wide hole for someone else to exploit the fear. Fear that was created because MS chose to blame customers. This was especially true when update were erratic and most more common that today. The design on Windows led to the exploits. All MS had to do is take a bit more responsibility for their design decisions.

I have noticed this with bank websites as well. When online banking first grew big, I got an email survey that asked for personal information and led me to a third party site. I asked the bank if the survey was legit and they said it was. More recently the bank started letting users log in from an unsecured home page. Passwords seem to be protected, but we now have introduced a system in which users are accustomed to submitted sensitive information on unsecured pages. This habit can only benefit the crooks. I mean the latest exploit, involving ads on bank pages, should have been identified early as a security risk. I guess the risk to customer was less than the greed of the banks.

Works for me

It doesn't bother me if MS wants to spend their time and money hunting spammers. I doubt their motivation lies solely with raking in millions from the defendants, especially since they probably will only collect a fraction of that money. In this case, it's probably less about spammers/scam artists in general as it is about protecting their intellectual property. Microsoft has their own selfish motivations for this whole "campaign", as we all would as executives forced to act in the best light of the company. I could personally care less what they are, though, as long as they're ousting the spammers. (And doing so through a legitimate means).

My thoughts on that toolbar

I would think that, if this guy had truly developed a windows update toolbar for IE, he would have notified Microsoft in the first place, and either gotten their OK, or just given it to them for their own deployment. But, knowing how this world works...well, spyware, anybody?

That patch bar

"The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."

If it really did, Microsoft would have a fit! Either that, or it'd automatically download and install the Linux distro of the writer's choice.

The phony update site is still up.

The site is still up. Why didn't the court order it taken down? See WindowsUpdate.com [windowsupdate.com].

WARNING - do NOT click on the link above if you are running Microsoft Internet Explorer with Active-X controls enabled.

Re:The phony update site is still up.

The site is still up. Why didn't the court order it taken down?

Because it actually is microsoft's?
The guy used windowsupdatenow.com. for his toolbar. (It's in the article... nkay?)

Those who're running IE with active-X controls enabled should click on it... Perhaps get some more holes fixed :-)

Sounds like a new business model

for SCO

Did the spammer get to

pay his fine in certificates for more spam, like M$ seems to get away with ?

I work for a large company, many thousand of users and it was announced yesterday that MSIE was a LIABILTTYjust existing on the desktop and will be removed from ALL CORPORATE WORKSTATIONS. They have done some fairly extensive mod'ing to a Firefox build it looked like to me, and arranged an internal update system for redistributable packages from MS in the way of OS/OFFICE updates.
May be smoke and mirros in the end but all I can think of is ABOUT FARKING TIME.

Question

Microsoft Wins $3.95 Million from Spammer

Did they click on the blinking monkey?

Good...

... cause Microsoft could use the money.

revenue to offset their other legal woes

so truly they will pay nothing for the judgements that went against them?

Vouchers

Maybe they should pay the fines in vouchers for spam. That's how microsoft likes things isn't it?

Daniel Khooshnood

I worked for this guy for a few months. He is the most disreputable excuse for a human being I've ever had the misfortune to know. I was young and stupid and I worked on a verbal contract through a friend who worked for him directly, and an assumption of trust once I got past a few paychecks. My huge mistake. He kept asking me to give him time, and by the time I broke down and refused to work for him anymore until I got paid, he owed me 8.5 thousand dollars. I was broke at the time and couldn't afford the time or money to sue for what was mine, especially without a written contract. My mistake in trusting him singlehandedly ended my consulting career.

This guy uses obviously program-generated lists of emails to basically spam every possible email address in several popular domains - aol, hotmail, etc..

In case anyone wants to discuss his case,
His cell phone number is (or at least used to be) 818-516-3999.
His work phone number is (or at least used to be) 800-516-3999. I believe the phone was answered as "mainstream advertising".
His email was dk@global2000.com, but I doubt it's still the same.

I have a bigger grudge against DK than anyone. It is thrilling to hear of MS's victory in this case. it's nice to hear of them doing good for once!

Anyone else out there know him? I know from friends that I am far from the only person who he screwed over.

That domain belongs to microsoft

the domain Windowsupdate.com that the article claimed was the one used for spamming seems to belong to microsoft http://web.archive.org/web/*/Windowsupdate.com

http://samspade.org/t/lookat?a=Windowsupdate.com
Domain Name: WINDOWSUPDATE.COM
Created on..............: Tue Jul 22 1997
Expires on..............: Fri Jul 21 2006
Record last updated on..: Fri Mar 26 2004
Administrative Contact:
Microsoft Corporation
Carolyn Gudmundson
One Microsoft Way
Redmond WA 98052

I just can't get it.. how stupid the people are??!

I mean how many times Microsoft has sent out emails where they asked you to download some kind of tool bar? How many times eBay sending you email & asking to re enter your user information? How many times banks sending you email where they ask you to reEnter your online banking or VISA card information... ? & even if you really think that the email/webPage is not fake, how hard is to type the (main)web address to browser manually, like most big businesses ask you to do or make a simple call... I just can't understand why people are so ignorant, and we do not talk about kids, I mean adults. Ahh... Would be wonderful if people should pas a simple test before they can access to internet, it shouldn't take longer then 15 minutes to learn main thing, what do NOT do. If only Microsoft would leave Outlook default settings to "HTML off" It (all this and some other small simple thing) would save billions every year. ... Some companies invests hundreds of thousands dollars to the internet security every year... how about actually teaching that this is how the email works & this is how the internet works. & if ya see somewhere "ClickOnThisCoolFile.exe" that first thing what you should not do is click on that.

Re:This is helping them more than most of their pr

While I have not RTFA here (hell, this *is* /.), I would also have tended to want to side with the Redmond lot on this one.

Registering a website with that name so he could send spam, he deserved all he got. What Microsoft do with the money is another matter.

This is an example of what I would consider fair use [microsith.com]. Not sure that they have updated it in the last 10 years though :-)

Re:This is helping them more than most of their pr

I highly doubt that microsoft would see much more than a few thousand dollars of that $54 million. It is just a number to possibly scare off any large companies who may try to do the same thing. They may now stop seeing that a ruling against them could bankrupt their company.

Classic dilemma

punishing spammers = good!
rewarding Microsoft = bad!

why am I so split over this?

[set headbangmode = 1]

Re:obnoxious troll

He does not appear clueless to me. Let's see your site for comparison.

commentary

although it is not unique in being a news and commentary site, it is a very large site, with discussions being the primary resource here. That's the difference, you can go read news all over the net, but some people wish to have discussions about it. Given that thousands of news articles appear daily across the WWW, the editors can only fit so many into the pages and still have enough of a base to handle the discussions adequately. If all you want to do is read news, why bother coming here and posting a complaint? Shouldn't you be out reading more news someplace else?

Re:Well, now we know why they're interested

How did this spammer, or any other spammer, directly hurt Microsoft?

Well Microsoft does get to pay Hotmail's bandwith bills, email storage costs, and employ people to deal with abuse reports? Don't forget that they also get to deal with all the spam that is undeliverable, bounced, or dropped by user's filters etc. Per individual spam, Microsoft may well be paying less than a recipient, but there is definitely a very real price tag attached.

Unfortunately however, under CAN-SPAM, only ISPs and not end-users can use the legislation to go after spammers through the courts. As the owner and operator of Hotmail that would naturally include Microsoft. Of course, the statement that the actions has "netted them $54 million" means the courts have awarded them that much, they will actually see far less of it than that.

It would certainly be nice if Microsoft (and others in a similar position) would make at least a token contribution to the anti-spam groups out there. Spamhaus [spamhaus.org] operates almost entirely on contibutions and sponsorships, Spamcop [spamcop.net] has a legal defence fund, Spam Assassin [apache.org] is now under the auspices of the Apache Foundation... the list goes on.

Re:Well, now we know why they're interested

Give me a break. $54 million is pocket change to Microsoft, and there's nothing "quick" about our legal system.

Internally, spam hurts Microsoft as much as it hurts any other company that depends on email for their day-to-day operations. Externally, it makes Hotmail and MSN email accounts much more expensive to provide.

No doubt Microsoft is not acting solely for the public benefit -- I'm sure they're seeking some good PR from their campaign against spammers. But to ascribe their actions entirely to greed and to say spam doesn't hurt Microsoft is asinine.

Ever seen Jurassic Park?

I was thinking more along the lines of the scene where the T-Rex busts in and eats the raptors before they can kill all the humans...

Re:Well, now we know why they're interested

Well, now we know why they're interested in going after spammers. To make some quick money - the reduction of spam that may result is just a small side benefit.

Riiiight, because we all know that Microsoft has a cash crisis and needs every dime they can get. Why, that $60B they have in the bank is barely enough to meet payroll...for the next centuary.

Re:Well, now we know why they're interested

IMHO, the only people these spammers hurt are the average consumers who have to put up with hundreds of junk mail messages in the inboxes every day.

Well, look at it this way - if the end users are getting "hundreds" of junk mails every day, how many hundreds of thousands are the ISPs and email providers having to carry and deliver?

MS runs Hotmail and MSN; their bandwidth and storage charges due to spam are at least as great as those of their end users. Spam hurts everyone involved, not just the end user. About the only people who don't suffer because of it are the spammers themselves.