Highlights
– A federal court in Chicago ordered spam ring’s assets frozen and the network shut down
– Spam ring controlled over 35,000 computers and sent billions of spam messages
– Despite best efforts by authorities the amount of spam continues to increase
Federal authorities won a major victory against one of the largest e-mail spamming rings in federal court on October 14, 2008 when a United States (US) District Court in Chicago ordered the group’s assets to be frozen and its spam network shut down. In a press release by the Federal Trade Commission (FTC), the group known as HerbalKing was running one of the largest spamming operations on the Internet sending billions of unsolicited commercial bulk e-mail (UCBE) messages to Internet users over the past 20 months promoting replica watches and a variety of pharmaceuticals. At one point the group, which had ties to six different countries including Australia, Canada, New Zealand, India, China and the United States, was sending up to one-third of all spam on the Internet. The FTC stated it had received more than three million complaints about spam messages connected to this operation.
The FTC with the help of security firm Marshal Software discovered the ring was employing a botnet, a global network of computers infected with malicious software, to send up to 10 billion e-mail messages per day. The botnet consisting of 35,000 computers was called “Mega-D,” named after one of the ring’s pill products, and was estimated by Marshal Software to be the leading source of spam on the Internet in January 2008.
The defendants in the case include a New Zealand citizen living in Australia and a woman living in Texas who handled the group’s finances. Both individuals had control of four companies they used to sell fraudulent drugs and merchandise.
A commissioner with the FTC stated he hoped the closing of this operation would help make a small dent in the amount of spam coming into consumer’s e-mail inboxes. While many legitimate Internet users would welcome this turn of events, history has shown that for every spam network shutdown, another one comes along to fill the void. Over the past year, the level of spam traversing the Internet has increased. In the mid to long-term, we expect these trends to continue despite the best efforts of government agencies charged with enforcing anti-spam laws and the increased use of sophisticated technology aimed at combating spam.
Group’s Activities Were International
The FTC stated the activities of HerbalKing were remarkably international in scope. The group based its websites in China, processed credit cards from the former Soviet republic of Georgia and Cyprus, and transferred funds among members using ePassporte, an electronic money network. The financial activities of the group were monitored closely by FTC investigators who said the group cleared $400,000 in Visa charges in one month alone. When customers purchased popular prescription drugs from the ring, the drugs were shipped from India to global customers.
Spam Levels Have Continued To Rise
The potential for large profits combined with the ease and low cost of operating a spamming network has attracted many to conduct illegal spamming operations for the past decade. Despite the efforts of law enforcement and federal agencies like the FTC, the total amount of spam traveling the Internet has overtaken legitimate e-mail messages. According to the October 2008 monthly spam report issued by Symantec, a leading developer of computer security products, 78 percent of all e-mails traversing the Internet are spam. The report also claims that beginning in October 2007, spammers began taking a special interest in the turbulent US economy. E-mail messages involving mortgage scams, get rich quick schemes and other dubious financial offers have been flowing into users mailboxes for the past year.
On May 30, 2007 a 27-year-old chronic spammer by the name of Robert Alan Soloway was arrested in Washington state after an investigation revealed that he was using networks of compromised “zombie” computers to send millions of spam messages over a four year period. Soloway was considered one of the top 10 spammers by an Internet safety specialist with Microsoft. Federal prosecutors charged Soloway with identity theft for taking control of an Internet domain owned by someone else.
Over the past decade, the FTC has brought more than 100 cases against spammers and spyware vendors. Despite its best efforts to prosecute some of the most chronic abusers of e-mail, a perpetual list of the top professional spamming operations known as “The Register of Known Spam Operations (ROKSO)” continues to be updated by the nonprofit antispam research group SpamHaus. The group estimates the fluctuating list of 150 to 200 members accounts for 80 percent of all spam circulating the on Internet.
In the mid to long-term, law enforcement and the FTC will continue to target these large spamming enterprises, but the most effective means of reducing the amount of spam on the Internet will come from diligent users who keep their computers protected from becoming participants in a compromised network of computers.