Microsoft Wins $3.95 Million from Spammer 169
LehiNephi writes "A Washington, D.C. judge fined Daniel Khoshnood, a major spammer, for pretending to be Microsoft in order to attract customers. Specifically, he registered windowsupdate.com (not to be confused with windowsupdate.microsoft.com), then sent out mass email encouraging users to download a toolbar from that website. Although the suit was not specifically about spamming, the mass emails (and subsequent complaints) were what caught Microsoft's attention. So far, Microsoft's campaign against spam has netted them $54 million from six judgments, one dismissal, four settlements, and two bankruptcies. The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."
I have to say... (Score:4, Insightful)
Re:I have to say... (Score:4, Funny)
Re:I have to say... (Score:2, Funny)
Of course, it is interesting to see a bunch of slashdotters actually taking a pro-microsoft stance on something. Must be getting pretty chilly for the devil about now...
--
Dust Devil Reviews [generalhouseware.com]
Re:I have to say... (Score:5, Insightful)
Re:I have to say... (Score:1, Informative)
Re:I have to say... (Score:2)
Re:I have to say... (Score:3, Insightful)
Re:I have to say... (Score:2)
And apropos of this:
http://www.mocrisoft.com/ [mocrisoft.com]
Re:I have to say... (Score:2)
Not really... (Score:2, Informative)
Re:Not really... (Score:3, Interesting)
Yes, but would those costs also exceed the money for 10,000 domain names + $3.95million. Also, they have to be the right 10,000 domain names. If they miss just one that's close enough to the real thing, a scam site could still be set up and the lawsuit option would be required. How much does it cost to work out the thousands you need to register and be confident you haven't left any out? You get customers who will be tricked into getting their 'updates' from fortunecity.com/members/microsoft/ or 80.123.45.6
Re:I have to say... (Score:2)
Yes but if MS spent money on stupid shit like this as a common practice, they would not be making the money they are. And I am sure MS made a hefty profit on the spammer lawsuit and I am sure they are looking forwa
Re:I have to say... (Score:2)
Re:I have to say... (Score:4, Insightful)
At $8 bucks a domain, MS would have been ahead to register those domains compared to the cost of one court case.
On the other hand, though, they did send a message to other domain squatters out there. Like or hate MS, that was a good move.
Re:I have to say... (Score:2)
Re:I have to say... (Score:2)
Re:I have to say... (Score:5, Funny)
Re:I have to say... (Score:1)
Re:I have to say... (Score:5, Informative)
Other articles [theregister.co.uk] on this story say that the spammer used the domain windowsupdatenow.com, which is owned by [dnsstuff.com]:
Re:I have to say... (Score:5, Funny)
Re:I have to say... (Score:2)
Re:I have to say... (Score:3, Funny)
Actually, they did... (Score:5, Informative)
Windows Update [windowsupdate.com] is owned by microsoft - in fact, it is one of the URL's that the blaster worm [symantec.com] DOS'ed.
According to this register article [theregister.co.uk] that someone posted, the website that the spammer registered was windowsupdateNOW.com
Re:Actually, they did... (Score:3, Interesting)
Which is a good argument for companies to use sub-domains rather then registering top-level domains willy-nilly.
It's a lot harder to get hijacked if you mistype "windowsupdate.microsoft.com" as "windows-update.microsoft.com". So long as Microsoft maintains careful control over their top level DNS server.
It's just a pet peeve of mine from the
Re-distribute the cash? (Score:5, Interesting)
I recently added rbl support (spews and spanhaus), spamassassin and the mimedefang milter to our company incoming mailserver and it's REALLY making a difference! Since I have a corpus from hundreds of people too, the bayesian side is already extremely good. It still lets the odd scam through, but being a company I can't afford to block anything by accident.
Re:Re-distribute the cash? (Score:5, Funny)
Re:Re-distribute the cash? (Score:2)
Re:Re-distribute the cash? (Score:2)
Re:Re-distribute the cash? (Score:2)
Re:Re-distribute the cash? (Score:1)
Re:Re-distribute the cash? (Score:2)
Re:Re-distribute the cash? (Score:3, Informative)
I would guess that the claim Microsoft's campaign against spam has netted them $54 million from six judgments is likely false. They may have been awarded $54 million, but collecting is always another matter. I would not be surprised if the total collected is just in the thousands. And that likely is less than the legal costs, meaning their net is probably a negative number.
Of course, that is pure speculation. I have no facts to back it up. But then again, this is /.
I would say that's probably correct (Score:2)
MS isn't doing this to make money, I mean even if they had made $54 million, that's a drop in the bucket for their finances. They are doing it because spammers hurt their bussiness.
We know that people are very bad at researching claims, hence if they recieve an e-mail climing to be from MS, they likely believe it. When that link then spywares their computer, they blame MS for it. Als
Re:Re-distribute the cash? (Score:2)
Crispin
"Microsoft Wins $3.95 Million" (Score:5, Funny)
Re:"Microsoft Wins $3.95 Million" (Score:2, Insightful)
Remember, the enemy of your enemy is not always your friend.
Re:"Microsoft Wins $3.95 Million" (Score:1, Funny)
No, he used BSD. (Score:1)
Re:No, he used BSD. (Score:3, Funny)
No, he uses BSD, so his business is dying.
A victory is always a victory... (Score:1, Insightful)
heh (Score:1)
How do we feel? (Score:5, Funny)
Re:How do we feel? (Score:2)
Didn't they do a He-Man episode about that very same topic?
Re:How do we feel? (Score:1)
Re:How do we feel? (Score:1)
Re:How do we feel? (Score:3, Interesting)
Re:How do we feel? (Score:2)
You break out the popcorn and caffeinated beverages.
Cheers
Stor
Re:How do we feel? (Score:2)
Let them get on with it for a while, then get some badass trees to stomp the spammer, while sending a couple of midgets to melt down some of Bill Gates' favourite jewellery.
The secret formula! (Score:5, Funny)
2. Sue the people who hijack PCs via the above mentioned mail client.
3. Profit!
The enemy of my enemy is my friend...
I feel confused.
Re:The secret formula! (Score:1)
Re:The secret formula! (Score:5, Insightful)
What the hell are you talking about? If you'd bothered to open up the article and, you know... READ it, you'd see that 1) they "profited" because this idiot registered a domain name in violation of their trademark and 2) there was no hi-jacking - the moron "victims" had to download the toolbar entirely of their own cognition.
I don't know what this has to do with any mail client other than the fact that the guy happened to be sending e-mails for his little scam...
Re:Am I my keeper's brother? (Score:5, Informative)
http://www.proxypot.org/ ?
They don't sue the people (yet), but they do try to get ISPs and LEAs interested in the evidence collected. Often the ISP approac succeeds. It is also useful to create a list of ISPs who will not act on abuse reports.
As a bonus, none of the spam that the spammers try to send through them reaches any victim.
For this approach "popular mail client" is meaningless. Spammers don't start with a list of mail servers, they start with the IP address space and go looking for abuable servers (for proxypots the abusable entities are open proxies.) What is run doesn't have to be a real MTA (or real proxy server), just look enough like one that the spammers accept it as one. For the cleverer spammers it is useful for it to look exactly like some historic abusable MTA, like many of the earlier versions of Sendmail. Whether you need to gear your attack to defeating the cleverer spammer isn't known, but it's probable that you can have a huge effect just by going after the dumbest spammers (that's a big group.)
It shocks me that (1) so many people don't know how spammers operate and (2) so many of those who do know (that is, recognize that spammers have to look for systems to abuse) never seem to be able to grasp the importance of that knowledge. It's like knowing a burglar favors basement windows but doing nothing to set a trap for a basement window burglar - just bitch about all the people with insecure basement windows. Stake out a few basement windows and some evening soon you may be face-to-face with he burglar. Stake out a few IP addresses and some time soon you may gather information that leads directly to the spammer's IP address. Poof! There went the supposed anonymity.
A suggestion (Score:4, Funny)
So what? (Score:5, Interesting)
These law suites are good for victim satisfaction, but will not stop spammers, and in both the large and small of things really have no effect at all on spam.
No, this and things like it will help (Score:3, Insightful)
If spammers are getting sued and arrested left and right, and loosing all their ill gotten gains from it, makes it much less likely they'll go back in
Re:No, this and things like it will help (Score:2)
Remember, spammers operate outside the system. They could not care less about this or that or the other thing. Get real. Stop wasting your time. Filter it and forget.
SPAM IS NOT A PROBLEM (Score:2)
This has very little to do with spam. (Score:5, Insightful)
While I think it's great that yet another "identity thief" (sort of) has been busted, this does little to stem the flow of spam. What we truly need are more cases that are strictly based on the sending of unsolicited commercial e-mail. We've got some great [spamlaws.com] and not so great [spamlaws.com] legislation out there to protect us... why aren't we using it? Because it costs too much [theregister.co.uk]?
And yes, I know that there have been a few [theregister.co.uk] landmark [theregister.co.uk] cases [cbronline.com] recently, but a few big falls aren't going to convince spammers as a whole to stop spamming. An concerted effort to shut them down via thousands of small lawsuits from you and I would be much more likely to have an effect, in my humble opinion.
Re:This has very little to do with spam. (Score:2, Insightful)
Sendmail. WU-FTPD. BIND.
I mean, not that I'm a fan of Microsoft, but aren't you being a little selective in your choices of hole-riddled software?
Re:This has very little to do with spam. (Score:2)
A) It's intended to be mildly humorous.
B) It's an edit of a quote [theregister.co.uk] from The Register [theregister.co.uk].
C) New holes are often discovered weekly for these packages.
I mean, come on. It's just a sig. It could've been worse [slashdot.org]. I can't believe I'm wasting time defending this.
Hmmmm, does this mean.... (Score:2)
Re:Hmmmm, does this mean.... (Score:2)
The Linux community can run a proxypot:
http://www.proxypot.org/
No positive cash flow, but devastating effects against spammers. On the brighter side, no time spent with lawyers and courts: it's all Linux. The bigger goal is to end spam. Collecting cash settlements (which proably drive the spammers into bakruptcy) are just one aspect of the larger battle.
You've got to look at:
http://www.proxypot.org/reports/pacman
This is how spam fighting is done. At the
cash? (Score:4, Interesting)
Did the guy keep a couple of millions in the attic, just in case? Or is he broke, struggling to pay his lawyers..?
Slashdot MS Borg icon (Score:1, Funny)
/. moral dilemma (Score:4, Funny)
Yep.
Microsoft wins settlement (Score:4, Funny)
I actually feel a little nauseous. (Score:1, Redundant)
Microsoft... and LAWSUITS.. and... sweet Jesus. This is a good thing!?
I feel the same way I would if Osama Bin Laden gave me a preview copy of Half Life 2 - conflicted and bewildered.
Wow, I misread the title as... (Score:1)
Re:Wow, I misread the title as... (Score:2)
Probably that's closer to what they'll actually collect. If the spammer has a brain, he's put his money out of reach. Maybe he could lose his house or car, but that's easily put in the name of a spouse or relative. OJ Simpson had a $30 m + judgement against him but has barely paid any, while still enjoying golf in Florida.
Someone was also using exploits in their name (Score:4, Interesting)
Well.... (Score:3, Interesting)
*mumble*Idiotic food bigots*mumble*
Toolbar... (Score:5, Informative)
No but from this article [theregister.co.uk] on The Register:
"In reality, the toolbar loaded a utility called called BrowserAid/QuickLaunch which bombarded users with random, unrequested pop-up ads."
Two faced...? (Score:2, Interesting)
Strange, isn't it?
That sound you hear... (Score:1, Funny)
when will we take security seriously? (Score:3, Insightful)
I have noticed this with bank websites as well. When online banking first grew big, I got an email survey that asked for personal information and led me to a third party site. I asked the bank if the survey was legit and they said it was. More recently the bank started letting users log in from an unsecured home page. Passwords seem to be protected, but we now have introduced a system in which users are accustomed to submitted sensitive information on unsecured pages. This habit can only benefit the crooks. I mean the latest exploit, involving ads on bank pages, should have been identified early as a security risk. I guess the risk to customer was less than the greed of the banks.
Re:when will we take security seriously? (Score:2)
It has been only recently that MS has dutifully limited critical updates to security and implemented the process into the OS, a la Apple Software Update.
Works for me (Score:1)
My thoughts on that toolbar (Score:2)
That patch bar (Score:3, Funny)
If it really did, Microsoft would have a fit! Either that, or it'd automatically download and install the Linux distro of the writer's choice.
The phony update site is still up. (Score:3, Funny)
WARNING - do NOT click on the link above if you are running Microsoft Internet Explorer with Active-X controls enabled.
Re:The phony update site is still up. (Score:4, Informative)
The guy used windowsupdatenow.com. for his toolbar. (It's in the article... nkay?)
Those who're running IE with active-X controls enabled should click on it... Perhaps get some more holes fixed :-)
Re:The phony update site is still up. (Score:2)
Are you sure that's for real?
Re:The phony update site is still up. (Score:2)
That should teach me from not trusting you tinfoil-hat types :)
Re:The phony update site is still up. (Score:2)
Re:The phony update site is still up. (Score:2)
(fires up Demon.net's net tools page [demon.net])
windowsupdate.com - WHOIS shows Microsoft being in con
Did the spammer get to (Score:2)
I work for a large company, many thousand of users and it was announced yesterday that MSIE was a LIABILTTYjust existing on the desktop and will be removed from ALL CORPORATE WORKSTATIONS. They have done some fairly extensive mod'ing to a Firefox build it looked like to me, and arranged an internal update system for redistributable packages from MS in the way of OS/OFFICE updates.
May be smoke and mirros in the end but all I can thi
Question (Score:5, Funny)
Did they click on the blinking monkey?
revenue to offset their other legal woes (Score:2)
Vouchers (Score:2, Insightful)
Daniel Khooshnood (Score:2, Informative)
Re:This is helping them more than most of their pr (Score:5, Interesting)
Registering a website with that name so he could send spam, he deserved all he got. What Microsoft do with the money is another matter.
This is an example of what I would consider fair use [microsith.com]. Not sure that they have updated it in the last 10 years though
Re:This is helping them more than most of their pr (Score:1, Interesting)
Classic dilemma (Score:5, Funny)
rewarding Microsoft = bad!
why am I so split over this?
[set headbangmode = 1]
Re:Classic dilemma (Score:3, Funny)
Re:obnoxious troll (Score:1, Offtopic)
commentary (Score:1)
Re:Well, now we know why they're interested (Score:5, Interesting)
Well Microsoft does get to pay Hotmail's bandwith bills, email storage costs, and employ people to deal with abuse reports? Don't forget that they also get to deal with all the spam that is undeliverable, bounced, or dropped by user's filters etc. Per individual spam, Microsoft may well be paying less than a recipient, but there is definitely a very real price tag attached.
Unfortunately however, under CAN-SPAM, only ISPs and not end-users can use the legislation to go after spammers through the courts. As the owner and operator of Hotmail that would naturally include Microsoft. Of course, the statement that the actions has "netted them $54 million" means the courts have awarded them that much, they will actually see far less of it than that.
It would certainly be nice if Microsoft (and others in a similar position) would make at least a token contribution to the anti-spam groups out there. Spamhaus [spamhaus.org] operates almost entirely on contibutions and sponsorships, Spamcop [spamcop.net] has a legal defence fund, Spam Assassin [apache.org] is now under the auspices of the Apache Foundation... the list goes on.
Re:Well, now we know why they're interested (Score:2, Insightful)
Internally, spam hurts Microsoft as much as it hurts any other company that depends on email for their day-to-day operations. Externally, it makes Hotmail and MSN email accounts much more expensive to provide.
No doubt Microsoft is not acting solely for the public benefit -- I'm sure they're seeking some good PR from their campaign against spammers. But to ascribe their actions entirely to greed a
Re:Well, now we know why they're interested (Score:2)
Well, look at it this way - if the end users are getting "hundreds" of junk mails every day, how many hundreds of thousands are the ISPs and email providers having to carry and deliver?
MS runs Hotmail and MSN; their bandwidth and storage charges due to spam are at least as great as those of their end users. Spam hurts everyone involved, not just the end user.
Ever seen Jurassic Park? (Score:2)