The Real Profit Centers of Spam: Sponsors

I recently wrote a new entry describing and dissecting the quagmire that is the "spammer economy" on the now-infamous spam-wiki. It's located here. I had spent many months (in fact the better part of a year and a half) researching and documenting everything that I found which described the separate entities and their distinct relationships. The writing and publishing of that wiki entry is the result of not only a lot of research, but a considerable change of viewpoint regarding who profits from spam, how we all refer to them, and what their distinct role is.

Unwanted email spam has been with us for so long now that I think we all, as recipients, tend to associate the incoming messages with one individual, or possibly one group or organization. For years now, even well-respected groups such as spamhaus have referred to these entities - individually or as a group - as "spam gangs" or "spam kings." They've often used teminology or nomenclature such as "Yambo Financial" or "Badcow" to refer to ghostly, unseen groups of criminals. My feeling is (and maybe it's just my feeling): This is no longer an accurate way to refer to the groups of individuals who spend their livelihoods crafting randomized emails promoting illegal fly-by-night urls.

A key turning point came when I was exposed to several discussion groups used by spammers, many of which I will not refer to directly due to the clandestine nature of how I came across them. In these discussions, many of the mailers or sponsors were essentially mocking any references to "spam gangs." In a nutshell: there is no "gang." There likely is no "Yambo financials". While "Alex Polyakov" or "Leo Kuvayev" may indeed be real people, with possible verifiable connections to one or more of the criminal entities who support and thrive upon illegal spam email, my feeling is: that's likely a red herring, put there to divert attention away from the real responsible parties.

Another turning point came during the investigation and raids upon properties directly related to Sancash or Genbucks. (By the BBC and New Zealand law enforcement, respectively.) This really raised the point of who stands to profit the most in these million-message spam runs: sponsors.

Sponsors is not a sexy term when discussing spamming, generally. Usually the press and individual recipients tend to focus on two things: mailers (spammers) and botnets. They make the press most often because it's probably too complicated to go into the depth of detail required to expose precisely who is behind that "p3n1s-p|ll" message you just received. People don't have the time. Referring to a "sponsor" will only confuse them.

The truth is: sponsors, or sponsor organizations (as I commonly refer to them) are the big fish in the spammer economy. They take the most risk, provide the most resources to mailers, and profit the most from spamming. They control everything from the design and functionality of their sites, to their affiliate front-ends, statistics, domain registration, fast-flux hosting and in some cases even the design or copy of the messages being sent.

Who are these sponsors? There are a handful of them in the upper ranks of the spam messages we receive every day. The top three (based on my own research) are as follows:

• SanCash


• Spamit


• Bulker.biz

Pretty much everybody in the world is receiving spam on behalf of these three organizations. They are well-established, have ties to numerous individuals (remember: no gangs. Everyone is an island) who provide them everything from "bulletproof hosting" to botnet infections. They are the ones most responsible for the 90+ percent of crap we all receive every single day.

So let's examine each of them briefly.

SanCash

SanCash is responsible for that old standby: VPXL (also known throughout the past three years as a variety of names including "Manster", "ManXL" and "Elite Herbal." It's all the exact same useless crap. Despite their claims of it elongating your "member", it does nothing. There is tons of evidence out there to support this.)

SanCash was investigated first by an individual blogger [spaminmyinbox], and subsequently by the BBC [see their article here or download the podcast of the investigation here.], only the BBC weren't aware that that's who they were actually investigating. That's because they focused on the entity they could find out in the wild: GenBucks. Genbucks is a publicly available marketing affiliate group. You won't find any mention anywhere on their sites related to "VPXL" (et al.) You will find mention of a variety of other products for which practically nobody has ever received email spam. Their forums discuss banner advertising or "SEO" (search engine optimization) marketing. This is so that it appears that they have absolutely no connection to the rather obviously rampant amounts of spam being sent worldwide.

The first connection comes from how and where certain domains are registered, and how certain sites operate. During much of last year, domains used for the processing of orders on behalf of ManXL and Elite Herbal sites (domains like "mysecurepaysite.net", now long since out of use) featured a registrant's email address of "pilldude@gmail.com". Do a search for "pilldude" and you'll inevitably find the Genbucks forum (http://genbucks.com/forum/search.php?searchid=720) and his own genbucks blog (http://pilldude.genblogger.com/).

It is no coincidence that all posting on behalf of "pilldude" stopped abruptly at precisely the same moment that members of New Zealand law enforcement executed a raid on 20 properties in Christchurch, New Zealand as a direct result of the information uncovered by the BBC and spaminmyinbox. (See story here.)

But look around and you'll see people openly discussing SanCash, making no mention of Genbucks. Clearly the connection is there. They just want people to (wrongly) focus on GenBucks, when in reality it's SanCash that's profiting from VPXL spam.

Following the New Zealand raids, several people posted on Bulkerforum.biz regarding the raids and the investigation, making it extremely clear that the investigation was definitely on the right track:

ubuntu

Joined: 06 Feb 2007
Posts: 12

Posted: Thu Dec 20, 2007 10:26 am
Post subject:

not sure if this is sancash

this is related to this audition.. and hmm.. looks like GB...

http://www.bbc.co.uk/radio4/theinvestigation/pip/uvboh/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jhood

Joined: 23 Oct 2006
Posts: 151

Posted: Thu Dec 20, 2007 11:51 am
Post subject:

thanks for link ubuntu..

eliteherbal/manster IS SanCash

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

icanspam

Joined: 10 Aug 2007
Posts: 52

Posted: Thu Dec 20, 2007 2:22 pm
Post subject:

SA?

Shane Atkinson, bro.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mail4spart

Joined: 15 Sep 2006
Posts: 33

Posted: Thu Dec 20, 2007 5:18 pm
Post subject:

I know Shane is a straight up guy and doesnt deserve all this heat. I hope he can survive this like he did last time he came under a lot of heat before him and his brother. He has been running a smart business for a long time and looks after his people and if he has to shut down the biz there will be many affiliates effected and unpaid.

"jhood" puts a very fine point on it: "eliteherbal/manster IS SanCash". So it's clear: they knew this operation was in trouble due to the investigation.

It didn't stop the spam at all, of course. And in the meantime "spaminmyinbox" has been sued and placed under a restraining order by Genbucks' offices in India, meaning he can't post more detail about his indepth investigation.

Following the raids, sancash.com as a domain completely shut down and I and other individuals noticed that new names began floating around, among them "etranzmu." As we speak, the new location of SanCash is unknown and their representatives (on bulkerforum.biz: azzy and sanjay) have taken all discussion regarding SanCash "off-forum". This is a clear sign of two things:

1) They must be feeling some heat.
2) They know they're operating in violation of the law.

You can read much, much more about this operation by reading the SanCash entry on the spam wiki.

Products they are known to spam (based on domain registrations and the use of the "Infinity Secure" order processing page):

• VPXL (Also known as Express Herbal)


• King Replica


• Diamond Replicas


• Prestige Replicas


• ED Pill Store / ED Pill Shop

And previously-spammed products going back at least two years or so:

• Manster


• ManXL


• Elite Herbal


• Extra-Time


• More-Size


• Wondercum


• Spur-M


• Personal Pussy


• Penis Enlargement Pills


• Penis Enlargement PatchRX


• Vigramax


• FatBlaster


• Hoodia

Spamit

As we've seen with SanCash, Spamit also has a shell, publicly available front-end company which is easy to find but which (again) doesn't discuss email spamming in any form whatsoever. That "company"'s name is Glavmed.

Spamit, unlike SanCash, still has a publicly available affiliate portal, but not much else is known regarding their operations. Their representatives on bulkerforum.biz were named kref and spamit. I say "were" because with absolutely no fanfare at all, their bulkerforum accounts and all postings were completely deleted on or about Feb. 11th, 2008.

Spamit is behind several very malicious forms of spam. They're probably best known as the sponsors of "Canadian Pharmacy" or "US Pharmacy", both very prolifically spammed, and notable for their focus on the sale of controlled pharmaceuticals such as Hydrocodone and Ambien. Mailers who send on behalf of this group have abused so many systems and so many trademarks and email templates that at some point I should think that a variety of large corporations should be able to serve a class-action corporate lawsuit against them. Here's only a few examples of the abuse that they are known to perpetrate in the name of landing even a single message into an individuals email inbox:

• Hijacking or hacking of publicly owned web servers to be used as redirectors or image hosts.


• Use of whitelisted corporate email templates to bypass spam filters, predominantly used only in Hotmail mailings.


• Use of the same domain to redirect to a Canadian Pharmacy website, present a dynamic / randomized stock spam gif image, or download an infection exe for Storm worm.


• Hijacking / hacking of a publicly owned web server to perform either a redirect to a Canadian Pharmacy website, or to download a new infection exe for Storm worm.


• Automated creation of several hundreds of thousands of redirection pages on free web services such as Geocities, Google Pages, Lycos Tripod and Blogspot.


• Persistent spamming to newly-created gmail accounts, even ones which have never been used at all, within days of creation.


• Persistent spamming to any and all "catchall" addresses, to any domain in the world, several dozen times per day. (Often several times per hour.)


• Completely false claims throughout all spamvertised properties. Everything: their claims of security and safety of offered products, who is on their staff, where they are located, who supports them -- all claims are 100% false.

What a bunch of charmers.

They are known to register several hundreds of thousands of throwaway domains using completely fictitious or nonsensical contact information, and they have been known to register domains using either stolen credit cards or stolen paypal accounts.

Spam sent on behalf of SanCash and Spamit represent some 97% of all the spam messages I receive to any account I control. I know this to also be true of many friends and colleagues.


Products they are known to spam (based on domain registrations and the use of the "Infinity Secure" order processing page):

• Canadian Pharmacy


• US Pharmacy


• Downloadable Software

Note also that "Canadian Pharmacy" will revert to "European Pharmacy" upon auto-sensing of your IP address's geographic location. It's the same site, though.

There are probably many more, but these are the top three for this sponsor.

An additional note regarding Spamit and the Storm worm.

Spamit have been directly tied to infection attempts for the Storm botnet as listed above. We can still see evidence of this even now. Here's two urls I was spammed today [omitting their use of Google ads click linking].

http://westphoto.org/video.exe [do not visit this link on an unprotected computer]
http://scramignon.com/redir.html

As mentioned above, both of these domains are publicly owned, legitimate websites whose servers have been hacked and had these files (video.exe, redir.html) placed on them.

video.exe claims to be the "storm codec", and spam for it usually contains some kind of social engineering copy to fool you into thinking you're downloading a naughty or voyeuristic video. It is of course an infection file for Storm worm.

The redirect in this case points to "sugaronly.com", a Canadian Pharmacy domain.

But let's switch the two around:

http://scramignon.com/video.exe [Again: do not visit this link on an unprotected computer]
http://westphoto.org/redir.html

They both still work. This means that these domains (and several thousand other such hijacked domains) can be re-used in parallel spam runs.

This indicated that Spamit as a company, and Canadian Pharmacy as a brand, rely heavily on high numbers of infections of the Storm worm.

Spamit also has a spam wiki entry, but it is currently missing a lot of this detail.

Bulker.biz

Bulker.biz is possibly one of the older sponsors of illegal spam in existence today. Thanks to the above-mentioned illegal activity of Spamit in relation to Canadian Pharmacy, Bulker.biz is no longer the most malicious spam sponsor organization around.

It's only recently that I noticed that representatives of bulker.biz publicly stated that bulkerforum.biz is mainly in existence because of their sponsorship. It makes sense (and was so obvious that I'm surprised nobody picked up on it earlier.)

Bulker.biz is perhaps best known for that old standby, "My Canadian Pharmacy," which I'll refer to as "MCP". At one point, MCP was the most prolifically-spammed property in existence, accounting for several million spam messages per day, and even peaking at an estimated 20 billion messages sent in a 24 hour period. (Based on research by the i-Law group in May, 2006. [Summary available here.] At that time it was unknown that bulker.biz was responsible for the MCP "brand".

MCP was the first criminal spam operation I researched, which culminated in a report which I provided to law enforcement in seven countries, and a revised summary entry in the spam wiki. You can see from this entry that just like spamit, bulker.biz is responsible for quite a bit of abuse to this day. A sampling of their illegal activity:

• Hijacking of publicly owned Unix servers for everything from DNS hosting, to website hosting, redirections, and image hosting. [This continues to this day.]


• Completely false claims throughout all spamvertised properties.


• Automated creation of several hundreds of thousands of redirection pages on free web services such as Geocities, Google Pages, Lycos Tripod and Blogspot.

Again: charming.

The unique targetting of Unix servers is of particular note, since it's the same method of hosting used by bulkerforum.biz, further tightening the link between the two. You can obviously read much more about them in the spam wiki entry.

Bulker.biz is responsible for a very large amount of spam for the following properties:

• My Canadian Pharmacy


• International Legal RX


• US Drugs


• VIP Pharmacy ("Viagra + Cialis")


• Canadian Health&Care Mall


• Men Health (Men+ Health)

And other sites they were directly responsible for, but for which less spam was seen:

• Exclusive Caviar Online


• Double Your Dating

Bulker.biz is represented on bulkerforum.biz by member "ebulker".

You'll notice that I make specific mention of their mailing practices. That may or may not be directly attributable to the sponsors directly, but especially in the case of Spamit, they clearly have people in their ranks who insist upon spamming every email address in existence in the off chance that two of them might actually receive it and link all the way through to a purchase. It can't be a coincidence that virtually everybody in the world is receiving spam for their websites. If it were an individual mailer, we would see the same volume of spam for a variety of other sponsors. It's for this reason that I specifically include any mention of mailing practices or frequency.

An additional point specifically regarding Spamit's Canadian Pharmacy and all pharmacy properties promoted on behalf of Bulker.biz: I mentioned above that they lie. It's important to note precisely to what extent they lie. In the case of MCP, they lie with literally every single word on that site. They have a completely laughable "about us" page which features mini-bios of completely fictitious "doctors", whose faces are actually gleaned from stock images of surgeons and medical personnel. There is no "Jack Poppins" or "Carl Rose". The same is true of Canadian Pharmacy, which also features stock images (probably used without permission as well) and makes completely false claims regarding their "pharmacists" and licensing thereof. You can see a great deal more detail of these falsehoods in the MCP spam wiki entry.

As I mentioned above: sponsors are the big fish. They are the ones who register and provide hosting for the thousands of spamvertised URLs we see every day. They often also provide pre-made blogspot or geocities redirects (which they hire an individual to create.) They pay out the commissions to the mailers who spam on their behalf. They take care of the credit card processing (using high risk merchants who they pay to provide stable credit card processing on their behalf.) They take care iof any botnet-supported web hosting or DNS rotation. They're the source of all of this. They know they operate illegally, and they get away with it on a daily basis.

It is my hope that someone in law enforcement, or better yet someone from the legal teams of Pfizer, Microsoft or any other companies whose reputations these sponsors are tarnishing will step up and take action to get them completely shut down. The only reason an individual mailer is able to profit from illegally spamming in the first place is directly because these sponsors, and others like them, fully support their illegal activities, and engage in several more of their own. Shut these three down, and you will have removed three of the biggest criminal operations in existence today.

SiL / IKS / concerned citizen

P.S. Recently the PBS featured a documentary entitled "Illicit: The Dark Trade." (Broadcast on PBS, produced by National Geographic.) I strongly recommend viewing this documentary for its indepth exposition of the wider fake drug / fake watch / fake fashion item trade. It opened my eyes to the deeper profit structure of these networks of individuals, spam-related or otherwise.

Who is Servman? (now that Bulkerforum is down)

Since Feb. 12th, bulkerforum.biz has been dormant. Domain does not resolve and it's not hosted on any of the previously known hijacked IP's. That's interesting in itself, in light of the slew of recent arrests involving illegal spammers.

But there's other interesting news regarding that site. Several members have suddenly been unceremoniously removed. I'll report back on a few of them in the coming weeks, but for now I thought I'd cover one particular member who seems to have actively wanted to cover his tracks: ServMan.

Back in November when Marion Lynn created his blog, spamgossip, he began exposing individual members of bulkerforum.biz, the go-to forum for illegal spammers.

Initially he listed handfuls of people per day, then removed a bunch, then removed a bunch more. Since then it's remained pretty dead, and numerous postings have been removed altogether. As one would expect, this caused people (like me) to dig a little deeper. I checked out some of the postings of the exposed users. At the time, none of it seemed particularly important.

I and many others had recently noticed (before the forum was shut down, if that's what's taken place) that some of those members have suddenly "gone dark" on that forum, notably Phantom (aka: Norman Keith Holmes.)

Then in mid-January I noticed that one of the members, ServMan, had either been systematically deleting any postings he had on the forum, or getting someone else to. (Or, alternatively, one of the admins of that forum may feel that having his particular info on that forum is a bad idea.)

Whenever I see this kind of thing happen, it definitely seems to indicate that there is truth to the exposed information. Why would somebody suddenly shut up unless the name was correct? Especially in light of how that group has acted whenever someone like myself has done this in the past (claiming libel, claiming my info is way off base, etc.) it is stunning just how silent some of the members have become.

Servman was listed as one Adam J. Minic. Searching for that turns up very few hits, but there is one interesting one from the NANAE newsgroup:

Newsgroups: news.admin.net-abuse.email
From: DarkFiber
Date: Sat, 24 Nov 2007 20:46:21 -0000
Local: Sat, Nov 24 2007 3:46 pm
Subject: Re: TURKEY STUFFING: ANOTHER SHITBAG!

On Thu, 22 Nov 2007 19:46:51 -0800, spamgossip wrote:
> SPAM AND EGGS! On Thu, 22 Nov 2007 19:46:51 -0800, spamgossip wrote:
> SPAM AND EGGS!

> The spam is in your mail and the egg is on the faces of these Bulker
> Forum members!

> servman - Adam J Minic - Boise, ID

Highly believable as there is evidence as recent as summer 2007 that Adam Minic associates with veteran spammer Todd Springer of the S & S Global LLC spam business that Todd and his brother, Scott used to run. Adam is perhaps a protege of theirs.

Kind of makes one wonder if Todd and Scott Springer didn't really retire from the spam business.

One also has to wonder if KEVIN JAMES MINIC #18299 who was discharged (as an inmate) from the Idaho Department Of Correction on 03/21/2005 is any relation.

On Dec. 27th, 2007 - the last time I bothered to check into it, Servman was responsible for 11 postings. Prior to that the number was much higher, around 30 or so.



I checked it on Jan. 28th, 2008, just out of curiosity. There were zero postings from Servman. None.



As it happens, I still have copies of some of his postings on the forum. In my opinion, while they are definitely damning evidence pointing to a string of the usual offences associated with illegal spamming, they aren't terribly different from those of numerous other members of the site. Nonetheless, either Servman or someone else must have assumed that this was too much exposure for him.

Here are the details I managed to glean from the postings I was able to archive from bulkerforum.biz last year following the exposition of Servman:

• He expressed interest in Hotmail and Yahoo email list verifier software.


• He was interested in purchasing lists from numerous members.


• He offered a new RX program (ie: Pharmacy spam, like we needed more of this crap.) He paid a 45% commission per sale.


• He used (or uses) DarkMailer (aka: DM) to perform his spam runs.


• He was (or still is) an active member of Sancash, the now-renowned "herbal remedy" spammer affiliate program with ties to Genbucks and Tulip Lab. (yes, VPXL / Elite Herbal / Manster / Megadik, again: like any of us wants to hear about it.) He liked spamming for them and made okay commission apparently. His conversion ratio indicates that he's spamming lots of people who definitely do not want to hear about these products: "My conversions started at 1:80 and have been at 1:150-1:250 ever since." More on this below.


• He was also a member of the bulker.biz affiliate program. (Canadian Pharmacy, I believe, is one of their properties.)


• He has dealt with diploma spamming in the past. Whether he actually mailed it himself is unknown. This is very obviously illegal activity.


• He was in need of new servers in Sept. 2007. He had very specific requests as to the specs of these servers, which were to be used for "proxy mailing", in other words: to use a botnet to send spam, which is illegal. It appears that he may have done a deal with RackSpace06 for those servers, and that he got ripped off by him (or nearly so.)


• In March 2007 he stated "We have entered a new era in mailing. Botnet is your best canidate for re-entering this industry." He then outlined how to get started in the bot-spamming business. It's pretty clear he knows a lot about how to send spam using hijacked and infected computers, to lists of people who very likely don't want to hear from him.


• He hates "antis" (such a stupid term.) Yet he continues to mail to people he knows would prefer not to hear from him. Their complaints make him angry.

What other dealings does Mr. Minic feel would be threatened by exposing him as a spammer? A google search for "Adam Minic" (with quotes) and "boise idaho" (without quotes) turns up a posting dated Jan. 23rd, 2008 on the forum "averyoutdoors.com" from a user named Camo Coatings discussing goose hunting. He is also located in Boise Idaho. I had previously suspended this posting because someone claiming to be Mr. Minic complained that someone was threatening his life based solely on my posting on this blog, ignoring completely that this information was already widely publicized last year by Marion Lynn on his spamgossip blog.

Since he has not shown me any proof of these alleged threats, this posting has been reactivated, with his comments intact. I have excised the contact info, which as mentioned before is already available elsewhere.

I mentioned his "conversion ratio." Conversions are the meat and potatoes of the spam industry if you spam on behalf of an affiliate program. A ratio of 1:80 is not good, by legitimate marketing standards. That means that for every 80 people who end up clicking through to your site, only one of them bought something. Legitimate companies, companies like (let's say) Amazon.com, or Lavalife.com, or any other above-board business which relies on third parties for some of their marketing needs would be hoping to see conversions more along the lines of 1:4, or 1:10. Even 1:10 is not considered a good ratio by legitimate companies. This goes quite a way to explaining the spammer mentality. They don't care how many people (like me) don't want to hear from them, they want money. They want the money for as little effort as possible. They want to follow only two steps:

1. Hit "send"
2. Get paid

Your complaints mean nothing to a guy like Adam Minic / Servman. He can't be bothered to clean his lists because that involves more steps than the two outlined above. Steps like: cleaning your list. Or possibly: choosing NOT to promote fake herbal remedies or illegally supplied fake pharmaceuticals which have no proven medicinal value.

A posting from January 2007 is probably the biggest indicator as to why he doesn't want his personal data out there. It's in response to a posting by mcproxy regarding exposing the personal data of someone who scams you in the spam industry:

The thing is, maybe not posting personal info. but enough to get the point across. Ie: icq, alias, etc.. In a perticular section of the forum. I was just expressing my idea in hopes that we could build something workable. I vote for a scammer section for misconduct and wrong-dooing un-becoming of a valid contact in this biz type of section.. hehe.

Currently if any of us get scammed, I can speak for myself anyways, I will post their alias info at least. I have never posted anyone's personal info. and I am sure never will. But many of us know each other past our alias. So therfor thats the assumed risk we take in business through gui interface..

Maybe my "quick reference section to scammers" is not a great or even good idea, but just wanted to convey my thoughts about this issue.

Any-thoughts guys???

Maybe he's worried about being perceived as a scammer. Or maybe he does business in other areas which would be impacted by having his real name associated with activities like spamming or using a botnet. Aside from the purely legal ramifications, I guess that would definitely impact his bottom line. But then why continue to spam? Why knowingly participate in these activities if you weren't already well aware of the risks?

I'm intrigued to see if he appears anywhere else out there in terms of forum postings. Having said that: I have a life. I'm not going to knock myself out about it. Digging this bit of info didn't take long at all. I like to keep it that way.

It appears that Lynn was correct in identifying Servman. (Surprise!) I'm still not sold that he's effectively identified anyone else, or that doing so has had the desired effect.

SiL / IKS / concerned citizen

Marion Lynn Is Wrong (Again)

It was brought to my attention recently that Marion Lynn (yes, him again. Bear with me, I'll try to be brief) is under the erroneous assumption that I am posting all over the place about him, and essentially harassing him in forums unrelated to spam using the nickname "snap_pop_no_crackle".

An example can be found here, in which Marion responds to the user named snap_pop_no_crackle regarding a story about Auschwitz (warning: not a lot of sensible discussion going on over there.)

14 January 2008 at 8:15 p.m.

snap_pop_no_crackle (Anonymous) says...

snap writes:

marion

,

do

you

think

this

book

will

be

more

profitable

than

outingbulkerbiz's

tome

?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

14 January 2008 at 8:34 p.m.

Marion Lynn

Marion (Marion Lynn) says...

Well, Sil, A**hole or "Snap"; whatver is appropriate, I intend to make my recollections and research available as a free downloadable E-book because I believe that it contains infomation which cannot be found elsewhere and that the information is important to our understanding of history.

Just to set the record straight: I am not that user. Nor do I post on ljworld. Nor would I ever.

I also am not the same username (snap_pop_no_crackle) who is posting on Marion's own rather ridiculous forum, rivercitytalk. (I'm not linking to it. You can find it pretty easily yourself.) I personally believe that snap_pop_no_crackle is a user who originally commented on my blog anonymously back in June 2007:

Anonymous

Anonymous said...

See: http://www2.ljworld.com/onthestreet/2007/jun/01/mos_spam/
for a mass spanking of Marion.

6/07/2007 06:32:00 PM

I could be wrong. It could be someone else. I hadn't even seen that posting, and you can see numerous comments by that user. This was the first I'd ever heard of it, or the username snap_pop_no_crackle. It's still a pretty good read, but that is not me.

Just to further clarify: The only monikers I have ever used to identify myself in all things spam-related are:

• SiL (short for SpamIsLame)
• IKS (short for IKillSpammers)
• concerned citizen

Marion can believe what he wants, but he's (as usual) mistaken.

Which calls into question the quality of the information he's been using to out several members of Bulkerforum. I notice all posting has come to a complete halt at spamgossip.blogspot.com since last November. Much of what he posted didn't amount to actual "evidence" in the first place. Just a litany of names. Clearly he was on the right track with a few of them, notably Phantom. But where's the beef?

I've got one for him to try and dig up: the admin of bulkerforum.biz. What's his name? Where does he live? What else does he run besides bulkerforum.biz?

I would bet dollars to donuts that Marion hasn't got a clue. Not that it really matters anyway; that forum has essentially cannibalized itself.

Anyway. Now that that's off my chest, back I go to fight more VPXL spam.

SiL

2007: A Very Bad Year For Illegal Spammers

2007 is winding down, and I thought I'd take a moment to list just how many big achievements were met by the dedicated research and hard work of all the members of the numerous anti-spam forums such as KillSpammers and CastleCops, and organizations such as SpamHaus, the FBI Cybercrime Division, the i-Law Group, IronPort, SecureWorks, Shadowserver, F-Secure and countless others. Just look at how many large-scale arrests, convictions, and media stories regarding cybercrime and illegal spamming came about in the past twelve months.

In this synopsis I will make reference to several key members of what once was the Kill Spammers forum which was DDOS'd out of existence in August, 2007. The loss of that forum has absolutely not diminished or impeded the continued efforts of its members, all of whom continue to investigate and report all manner of illegal spamming, server hijacking and botnet operation. If anything it's only lead to more and more of us banding together via other means.

Make yourself some hot chocolate and join me in a look back at 2007, the worst year so far for any illegal spammers out there.

January 2007:

• Chris "Rizler" Smith is sentenced to 30 years in prison for drug trafficking, witness tampering and illegal spamming practices.


• Many members of the KillSpammers forum report on an illegal / fake charity known as "Save Childs". It appears to be related to a spate of spam for both Discount Pharmacy (Vincent Chan) and My Canadian Pharmacy (Yambo.) After reporting their multiple spammed addresses to law enforcement agencies and hosting companies, all of the sites are eventually shut down.

February 2007:

• Spaminator creates the spamwiki. SiL creates a lengthy report on My Canadian Pharmacy based on a lengthier report which was already widely cirulated to many security companies and law enforcement agencies around the world. Red Dwarf writes and updates numerous sections. A crucial tool for collecting and exposing evidence is made. Law Enforcement and Spamhaus eventually take notice.

March 2007:

• The Vancouver Sun (among many others) publishes a story about the death of Marcia Bergeron of Quadra Island, BC due to fake drugs purchased from a spamvertised source


• SiL begins performing research on the Yambo sites in assistance of the i-law group (Jon Praed) and IronPort (Patrick Peterson.) His research and other data are eventually used in a web seminar covering the a-z of the My Canadian Pharmacy spam group (Yambo Financials) including an indepth look at their supply chain processes, message dissemination, botnet size and implementation, and server hijacks.


• The SEC suspends trading on 35 spamvertised stock symbols in Operation Spamalot. 14 of the stocks are tracable to Vancouver stock traders. International law enforcement is given huge amounts of data on these companies and the illicit trading manipulation that took place.

April 2007:

• After being inundated with spam for Discount Pharmacy, SiL decides to write a synopsis about their known functionality and operations. AlphaCentauri and Red Dwarf assist greatly.


• ILoveCrapfloods creates FsckChickenboners! (a bot for crapflooding spammers' forms) It slowly gains a following and is refined and modified throughout the year, sending thousands of fake orders to illegal pharmacy and replica watch sites, resulting in wasted time and lost profits for several illegally promoted websites selling counterfeit products.

May 2007:

• Renowned bulkerforum member and proxy reseller mcproxy retires from the spam and proxy reselling business after nearly having his personal data exposed by spam-court.com. This indicates that the research posted on that blog is very much on the right track and leads to a lot of illegal DDOS activity against that site on behalf of members of BulkerForum.


• Notorious repeat spammer Robert Alan Soloway is arrested in Seattle after a federal grand jury indicts him on 35 charges ranging from wire fraud to identity theft. The lawsuit against him is ongoing and he remains in prison in Seattle pending commencement of the trial.


• The country of Estonia has its entire computer infrastructure come under a massive DDOS attack. Everything from train schedules to utilities and banking is completely knocked off the grid for several days. The investigation into this attack is still ongoing and thought to lead to Russian and Ukranian sources. Several rumors floated around at this time that the Russian government itself was behind these attacks. None of this has been proven. This event has the effect of raising the awareness of DDOS attacks and the criminal groups behind them.

June 2007:

• SiL posts a lengthy description of the illegal activities of Nick Danger / Marion Lynn to the newsgroup NANAE.


• AlphaCentauri and SiL begin a coordinated series of reports regarding the Discount Pharmacy hijack of Windows 2000 / 2003 servers. This results in the eventual shut down (or cleanup) of several hundred hijacked servers and a great deal more data on the hijacking process for Windows servers on behalf of Vincent Chan. We eventually see a complete stop in any spam runs for this spamvertised product line around August of 2007.


• Darrel and Jack Uselton are arrested for "hijacking personal computers across the country to send mass e-mails and inflate prices on at least 13 stocks."

July 2007:

• SiL is interviewed in Forbes Magazine for an article about Patrick Peterson from Ironport Systems. The article covers Peterson's investigation of the My Canadian Pharmacy operation, run by Yambo Financials.


• E360 files numerous motions against Spamhaus for labelling them as spammers. All of these charges would later be either withdrawn or dismissed.


• The FBI's Operation Bot Roast identifies over one million computers as being under the control of illegal botnets. This is the first of two such investigations which later results in several arrests directly related to illegal hacking and owning or operating botnets generally.

August 2007:

• Several anti-spam and anti-fraud websites come under a huge, unrelenting DDOS attack. Sites attacked include the Kill Spammers forum (whose domain has remained down since then,) CastleCops, 419eater, thescambaiter, and countless others. Kill Spammers operator KyferEz mitigates the attack on the KS forum to the best of his abilities, but the domain eventually folds. Several of us take up temporary residence in CastleCops (many of us stay active there also.) The criminals behind these attacks idiotically think this will slow us down.


• In what is arguably one of the bigger blows against spammers everywhere, Red Dwarf introduces his diabolical Complainterator™ application for the automated reporting of illegally hosted domains. Over the next several months, several people start using it and it undergoes numerous upgrades and improvements. Use of this tool leads to even some of the more highly unresponsive domain registrars taking notice and removing several thousand offensive domains from their registries.


• Members of the CastleCops Phishing Incident Reporting and Termination Squad (PIRT) as well as their other Termination Squads for spam (SIRT) and malware (MIRT) begin joining the KillSpammers forum.


• Red Dwarf releases the AutoSA application for automated reporting of malware phishing and spamming sites to Site Advisor. He inevitably gets several other sites to provide extended services for users of this tool, notably dnsstuff.

September 2007:

• Red Dwarf begins automating a method of monitoring, researching, collating and ultimately reporting the existence of hijacked PC's using what would eventually become the Botnet scanner. Over a few months he single-handedly reports several tens of thousands of infected IP's, resulting in more of a significant response from ISP's than most of us probably expected.

October 2007:

• Several news stories from October to November 2007 track the Russian Business Network (RBN), exposing its ties to Russian politicians, their multiple shifts in locations from Russia to China to disappearing completely, and interviewing its so-called representative.


• Porn spammers Jeffrey Kilbride and James Schaffer are sentenced to five years in prison, convicted of "conspiracy, money laundering, fraud, and transportation of obscene materials".


• Greg King, 21, of Fairfield California is arrested for performing a DDOS attack on CastleCops in February of 2006. He faces a maximum sentence of ten years in prison and a $250,000 (USD) fine.

November 2007:

• Spaminator creates numerous international domains for the spam wiki and attempts (where possible) to get several large-scale sections of it translated and duplicated into these mirror sites. This proves to be very helpful in its use as evidence against illegal spam operations, and leads to big changes at several previously spammer-friendly domain registrars.


• Marion Lynn creates a blog (spamgossip.blogspot.com) which exposes the identity of several known, high-level spammers who were members of bulkerforum.biz, including Phantom (Norman Holmes), Lizza (Steve Joseph), Dollar (Christopher Brown) Dave (David Oleg Barsky), bigjohnson (Igor Shaposhnikov) and others. Notable omissions are Crypto and moneyminters. It's unclear what prompted this sudden need to tell the world about the identity of these spammers, but he did it. SiL works with members of Spamhaus in collecting whatever is posted on spamgossip and sending it back to them (and law enforcement), and correlating it to the already massive amount of collected information on the members of bulkerforum.biz.


• While we're at it: several other members of bulkerforum.biz begin exposing each other in a spate of scammer outcries on the forum. We didn't even have to do anything.


• SiL transcribes a lot of the content from the spamgossip blog into his own blog (which you are now reading) which has the curious effect of reaching higher page ranks than Marion's blog. Marion later takes down quite a bit of personal data without any explanation.


• Jason Michael Downey is arrested for running a botnet consisting of 6,000 compromised PC's.


• New Zealand law enforcement break up a major international botnet and arrest its ringleader.

December 2007:

• The FBI's Operation Bot Roast II results in the arrests of 8 individuals who owned or operated large-scale criminal botnets.


• Secureworks investigates spamming runs in relation to US presidential candidate Ron Paul and discovers a connection with known porn spammer and botnet operator "nenastnyj", aka Andrew Nenastnyj, known on bulkerforum as "Nena".


• Justin Daniel Medlin is sentenced to 72 months in prison in connection with pump-and-dump stock spam runs he committed during 2004.


• Akhil Bansal is sentenced to thirty years in prison for illegally distributing medications without any prescription. This followed a lengthy investigation dubbed "Operation Cyberchase", documented in a multi-part investigative series in the Philadelphia Inquirer.


• BBC 4's "The Investigation" do some digging into the group behind the rampant spam for "Elite Herbals", leading to a very thorough investigation of GenBucks, Tulip Lab, and one of their spammers, Shane Atkinson. Burgeoning illegal spam blog Spam In My Inbox is also consulted for this story, and much of his evidence matches that of the BBC. This eventually leads to a police raid in Christchurch, New Zealand, resulting in the seizure of "22 computers and boxes of documents from four Christchurch addresses", including that of Atkinson.

Definitely a very active year for people who fight online crime in all its facets, and absolutely a very bad year for illegal spammers.

This kind of activity will only continue. As long as people like myself continue to be on the receiving end of unwanted illegal spam from asshole criminals like the ones listed above, we'll continue to do everything we can to get to the bottom of it. There is a difference between general commercial email, and spam for products that are illicit, fake, counterfeit, or outright illegal - and in some cases lethal. We are not going to stand for this any longer, and this year's numerous arrests prove that.

SiL / IKS / concerned citizen

Fake Diplomas Are Illegal

Many people wonder what the deal is with ridiculous spam messages such as these:

F A S T T R A C K D E G R E E P R O G R A M Obtain the degree you=
deserve, based on your present knowledge and life experience. A prospero=
us future, money earning power, and the Admiration of all. Degrees from a=
n Established, Prestigious, Leading Institution. Your Degree will show ex=
actly what you really can do. Get the Job, Promotion, Business Opportunit=
y and Social Advancement you Desire! Eliminates classrooms and traveling.=
Achieve your Bachelors, Masters, MBA, or PhDin the field of your experti=
se Professional and affordable Call now - your Graduation is a phone call=
away. Please call:1-206-888-2083

This is what's referred to as "Diploma Mill" spam. If it sounds shady, that's because it is. In fact it's 100% illegal to sell fake diplomas, and more importantly it's a crime to represent yourself as having earned such a degree when applying for work.

The spam operation works like this:

- A sponsor handles the printing and shipping of the fake diplomas.
- Sponsor contacts spammers / mailers in the hopes of drumming up leads
- Spammer sends a message to millions of recipients (who probably, like me, don't want them)
- Inevitably one or two of them call the number, which is a voicemail prompt which reads as follows (for the number above, anyway - it varies):

Thank you for calling the university degree program. After the tone, please leave your name and two telephone numbers. One where you can be reached during the daytime hours and one for evenings.

Please do speak clearly after the tone. One of the registrars will be in touch with you shortly. Thank you and have a nice day.

From there, the spammer provides your voicemail response to the diploma sponsor. Lately that process has become a bit more labor intensive for the spammer, since (of course) so many people DON'T want to be contacted regarding this so-called "offer." As a result, several angry recipients of these emails have left voicemails in the hopes of tracking down who is behind them. This leads to issues for the spammer, who previously used to just hand over the voicemails only to be told by a pissed-off diploma sponsor that 4 out of 5 of the calls were angry complaints, or legitimate sounding responses that led to an angry person at the other end of the phone when it came time to reel them in.

So now the spammers have to filter out the complainers from the legitimate people who want to illegally purchase their fake diplomas.

You'll notice that they word the voicemail in such a way as to indicate that you're undergoing some University-style admissions process. In reality this is, as one might expect, a purely commercial process. You want the piece of paper. They want your money. No background check takes place. No school transcripts of any sort are required. All you need is a credit card and an address to ship the phony diploma to. And you're done.

The hazards involved with this flatly illegal practice should be obvious to anyone. Would you trust any new doctor with a diploma on their wall if you were aware that any percentage of real people actively spend their money on these documents? Would you trust a new hire in any field if they presented you with this document as evidence of their expertise? Would you trust a contractor to make any repairs or modifications to your property if they claimed to have a degree or diploma claiming their excellence at what they do?

This kind of fraudulent representation has already happened, and led to some horrifying consequences. In 2003 one Laurence Perry was convicted of manslaughter. He took an 8 year old girl off her insulin and she died. Later, it was discovered that he represented himself with fake medical degrees. That's an old story, so in all likelihood he's out of jail by now.

A similar story unfolded as recently as a week ago, when "Doctor" John Curran was convicted of wire fraud and money laundering, after he "treated" 18 year old Taylor Alves in 2002 for terminal ovarian cancer. He basically ruined her life, which was already in jeopardy after such a crushing diagnosis. He's behind bars for 12 years.

Certainly it's not only medical degrees or MBA's which are on offer from these operations.

The sponsors behind these illegal documents treat it as though it's any other product. One member of bulkerforum.biz (among numerous others) who goes by the name of "Princess" is clearly very experienced in this field. She posted the following back in October of 2007, and apparently generated quite a bit of interest:

Topic: Mailers needed

princess

Joined: 15 Sep 2006
Posts: 25

PostPosted: Thu Oct 04, 2007 2:24 pm
Post subject: Mailers needed

Hi all.
for those who do not already know :)
I Sponsor a University program.
I am looking for more mailers to join our mailing group because my program is expanding.
A leads related program.
Pay starts at $18 to $20 depending on volume, for a good lead.

Q: What is a good lead?
A: A person who responds to your non URL adds who calls the phone number and leaves his contact information with a working phone number. It's so simple just too good to be true.

I use a non URL add that works through an email voice mail system, there is a phone number in our adds.
Only USA or Canada leads needed.
A qualified Mailer should be able to generate at least 10-20 good leads per day.
12 leads *$20 = 240$ USD a day
The conversion our good mailers have, is 70% good leads and about 30% bad. They make from $500 to $1500 weekly.
Payments, sent weekly via Bank Wire or WU.

I have a very good relationship with all our mailers and treat them well because I recognize that they are the fuel that helps run my business.
Please look me up and we can discuss this further.
You can contact me on ICQ # 338-284-118

Thanks Dianna

Cute. "Princess" Dianna wants to sell us fake degrees.

She continued to push this promotion several more times right through November 2007.

Note the specificity of what constitutes a "good lead". No websites, period. This is probably due to the arrest, prosecution and conviction of sponsors such as Craig and Alton Poe, back in December 2004. You can read a brief description of their conviction here. The story itself is quite entertaining not only because it involves lowlife criminal spammers going to jail, but also because of how it came to the attention of the Pennsylvania Deputy Attorney General:

Colby Nolan (pictured, left) is probably the first animal to hold this distinction -- an executive MBA from a university.

Pennsylvania Attorney General Jerry Pappert isn't amused, since Colby is a pet cat and a Texas-based online college allegedly gave the feline a degree for $399.

...

Pappert's office used the pet cat to investigate an alleged scheme designed to promote and sell bogus online academic degrees.

The main reason it was so easy to prosecute them and send them to jail is because they gathered their so-called "diploma leads" via easy to identify websites. Diploma sponsors couldn't ignore this and so they adopted a variety of alternate methods of generating the leads, most notably via throwaway voicemail phone numbers.

None of this makes the practice any more legal, or any more legitimate. If you attempt to use a fake document to gain employment, that's a crime. in the United States: It's a federal offence. Several states have begun cracking down on these illicit operations, and more than half of the states in the US have specific laws on the books regarding the sale of these documents, or the use of them as personal documentation.

As with most other types of spam-related crime, this is generally considered a variety of fraud.

In the case of the Poe brothers, they also generated fake grades transcripts, which is a further federal offence.

As with most other products promoted via illegal spammers: you should avoid these at all costs. Princess said it herself: "It's so simple just too good to be true."

There is a fantastic blog which tracks illegal diploma mills called (appropriately) diplomamillnews.blogspot.com. Definitely worth a read.

One can only hope that spammers convicted of this type of fraud end up being represented by lawyers with similar "credentials."

SiL / IKS / concerned citizen

Marion Lynn's Continuing Rat-Out

This summary is not available. Please click here to view the post.

Nick Danger's Mouth Rides Again (by night)

So as I mentioned, Nick Danger (aka: Marion Sidney Lynn) has been blabbing away on NANAE regarding the alleged treasure trove he claims to have regarding the personal data of several high-ranking members of Bulkerforum.biz.

On Sept. 15th, he created what appears to be a very crude site outlining the personal data and recent malicious activity of bulkerforum member "lizza", who he claims is actually named Stephen Joseph. He posted a new entry to NANAE featuring a link to his glorious creation. I thought I'd take a gander and outline some of the details of the posting here in the event it all goes down (which these things have a nasty habit of doing.)

As I mentioned before: Nick Danger is both a gasbag and a small fry, and my subsequent research, tempered with his own blatherings, has borne out that he probably hasn't ever sent email 1 for promotional purposes. This doesn't preclude him from acting illegally of course. Aggravated identity theft and fraud, not to mention stock manipulation, are still very serious crimes -- at least: the last time I checked. He's still never disavowed performing any of those acts despite boasting loudly on bulkerforum about alllll the sordid instructions concerning how to do so and never get caught.

So. First off, here's a screenshot of the site as he created it (oh and of course, this is definitely NSFW, knowing mr. Danger's prowess with the profanity):

[Edit, June 2008: Due to changes at HideBehind, this screenshot is missing. It will be re-uploaded momentarily.]

Note: it's rather long. This is Marion Lynn we're talking about. The man needs to hire an editor. I have an entire copy of the page should anyone require its full contents. I have not altered a single line of it.

In the lengthy one-pager, he outlines where Lizza / Joseph lives, and that on a certain night between 1:13 AM and 1:21 AM, lizza boasted about ddos'ing or otherwise attacking the bulkerforum website, at ip address 201.0.8.247. That IP address is in Brasil, and is one of five ip addresses which the forum has routinely bounced between since I started doing my own research on them (Sep. 2006.)

He lists some very non-threatening personal details such as where he went to highschool, and what his MySpace identity is. Not much anyone can dig up from that.

He alleges that Joseph lives in Chula Vista, California. How does he know this? Likely from a variety of lengthy conversations they may have had via a variety of means. It sounds like Marion and Steve had some kind of close contact in the past while. I'm not sure what that would be regarding but it certainly seems to point that way.

He also divulges one of lizza's email addresses (steve_joseph87@yahoo.com). I'm sure by now even lizza doesn't even use email for any legitimate communication, thanx to the damage done to that medium by scumbag spammers like him.

The more interesting stuff is in the variety of postings which Marion has posted below that. It's a lengthy re-posting of what appear to be forum postings from a variety of members. I'm not sure if this is from bulkerforum or what, but there are conversations between a variety of members. It's possible that these are even private messages from bulkerforum, or another forum. I can't be sure. The members which are quoted include:

• lizza


• icanspam


• Third Eye

How did he get this information? And who gave it to him?

He also divulges that lizza (on bulkerforum) also goes by the usernames "Flores9xxx" and "nugs". In the previous NANAE posting he also lists the usernames "proyboy", and the nick names "Stevie" or "shorty". He also claims (apparently erroneously) that lizza also went by the name "seven" at one point.

Then "Nick Danger" claims to be quoting a pm between lizza and himself, but using the username "Third Eye". He goes into a great deal of detail about lizza's connection to a company called Lead Point (leadpoint.com. lizza claims that's a red herring but who knows? This is either good research or a massive, meandering wild goose chase.

Also: Does everyone on bulkerforum have this many usernames and aliases?! It's a bit ridiculous event to me. You'd think this was the Lucchese crime family family for god's sake.

Finally: the geocities site makes it clear that bulkerforum appears to be a leaky boat at the very least, and that several higher-up members seem to be sharing private member information in a very loose fashion. Nick Danger wants to make it sound like a problem of some urgency ("IS PHANTOM GIVING OUT YOUR INFO?", etc.) but again: since phantom barely ever says anything on there lately, it's hard to be sure whether Nick is on the right track or not. But clearly: somebody got this info via some means unknown to members of that forum, and it somehow made its way to Marion Lynn. I guess only he will know who gave it to him, or when, or why. I don't personally care. As long as law enforcement are watching all of this it's just fine by me. :)

Since the chat transcript makes it at least semi-clear that lizza is willing to perform a cyber attack against a forum he's already a member of (!!), this makes him a pretty prime target for folks like me whose forum is currently under an anonymous sustained attack (week #5, and my threat still stands.) As I mentioned, this is only one of several attacks currently underway.

So I have handed all of this over to law enforcement in the event it turns out to be useful. :)

I personally feel that the sustained attacks against all of the spam and fraud research sites are being coordinated from Russian sources, and I am narrowing down a list of who that might be. I'll obviously post more as I get it. (Though not before notifying several legal channels first.)

I've also begun several investigations into the background of Steve Joseph / flores99x / nugs / lizza in the event anything can be turned up in that regard. He probably knows enough shady scumbags to pull off one or more of these types of events.

Lizza has always struck me as easily the most paranoid of the bulkerforum members (a close second would be phantom or Crypto, but they now post so seldom it's impossible to tell anymore.)

An aside: a representative of spamhaus named Susan responded to Nick Danger's NANAE posting (linked above), referring to bulkerforum member phantom as "the Australian megalomaniac". That's tantalizing. He rarely gives up any information whatsoever, so I'm digging into that also. (And handing whatever I find over to Spamhaus and Australian law enforcement, if that's where he truly is located.)

This is a bad year to be a spammer of any sort. By my count there have been 7 major arrests just since March of 2007, and three very large-scale court cases (two of which are still pending.) On a daily basis we see new news items of several investigations discovering new suspects and illegal operations, all fed by spam. It's a zero-sum game which just appears to be taking longer than usual to be taken down from the inside out. Why on earth would anyone knowingly become an email spammer in this climate? Why would anyone want to keep doing it? The profits are outweighed by the obvious risks. Apparently nobody in that community appears to be aware of any of this.

Which is a good thing, ultimately. I hope they lock up the whole lot of them and throw away the key. I've never in my life been bombarded on such a frequent basis by illegal advertisements from such a huge group of idiot scum in my entire life.

Keep it up, spamming morons. You'll see exactly where it gets you.

SiL / IKS / concerned citizen.

Spammers = Still Whiny - But Also Somewhat Startled.

Well it turns out I didn't even have to do anything! (Or at least: not as much. :) )

Of all people: Nick Danger went and posted this on NANAE.

Curiouser and curiouser...

I guess he has recently been kicked off of a variety of spammer forums. (Nice job on that one, btw.)

My statement still holds true. I'll make sure the very wrongest of people get the very most of several people's personal information until these attacks stop.

SiL

Spamming And Marketing Are Two Different Things

Spammers continue to assume that spamming anyone, regardless of their interest in their products and services, is a great business plan.

Dollar (aka Swank, aka Christopher J. Brown) posted the following quite a while ago (Oct. 2006):

...this industry is full of immature haters, losers and competitors that hate to see you doing things. Having haters is a sign that youve made it in this industry.

He's wrong of course. One can be a completely compliant mailer and obey laws and not use hijacked machines to perform their business functions and they will significantly reduce the number of people who hate them.

If you spam me, and I object to it, and in response you spam me three times as much as last time: what do you THINK my reaction is going to be? If you keep doing it for weeks, months and years on end: how much better do you think my opinion of you will get? How much will I respect you?

I have a couple of email addresses which have been on somebody's spam lists since the late 1990's. I never asked to be put on them and they were likely scraped from ancient postings on usenet and old websites. There's nothing I can do about that. And now these same spammers are re-selling the lists which include my address, and they simply don't care that in the 10+ years I've been on them: I've never purchased anything from them, and I have never clicked on any of their ridiculous tracking links. They will never see dollar one from me, ever, as long as I live. Yet the messages continue to flood my and millions of other people's inboxes. They seem to think this is a winning business strategy. If dollar is one of these idiots: I'm shocked that he's "made it" in any industry much less bulk unsolicited email marketing.

I have nothing against an individual who chooses email as a marketing tool. However if that same individual starts choosing my email address apropos of nothing to start promoting products I would never in my lifetime wish to hear about: how is that good business sense? Hardcore career spammers see this kind of complaint as mere whining and fail to address it, and then wonder why they get arrested for doing precisely that. I will never understand this mentality.

Marketing thrives on recognizing and addressing a target group of consumers. It's been this way since the first flyer was deposited in a mailbox. You fit a certain age, gender and educational demographic, you will eventually see marketing targeted specifically for you. You may not want it, and for most traditional (a.k.a.: legal or legitimate) marketing formats, you can complain about it, and in most companies the company that sent you their materials has to stop doing so. Spamming - and by spamming I mean indiscriminate, uncleaned list, wholesale email blasting - is quite different. Everyone receives it, studies show that far less than 0.1% of that audience wants it, and everyone is spending lots of money to stop it from getting through. Spammers in return double their efforts to get around these countermeasures.

Why?

Who are the idiots who are finally throwing their hands up in the air and suddenly buying fake Viagra, at risk of their health and their personal data, upon receiving yet another unsolicited, misspelled spam message, probably with heavy obfuscation and an image attachment? Who are these people? Why are they sending their hard-earned money to these miscreants? It just simply does not make any sense. If I weren't seeing any of this spam, I would scarcely believe that anyone would click through it, much less continue on to placing an order, but apparently somebody out there is freakishly stupid enough to do so.

Spammers make the same highly misinformed claims over and over again:

1. They are rich, and we envy them for it (discussed previously on this very blog.)


2. Complaints - especially lots of them - are a sign of success in the spam industry.


3. Spamming is perfectly legal and "just another form of marketing".


4. If you don't like it, you can "just delete it". How hard is that to understand?


5. If they weren't spamming you, somebody else would anyway.


6. Marketing is everywhere, you should just get used to this form of "marketing" as well.

I don't need to go into laborious detail as to why these are all completely false claims.

Everybody by now knows that when you receive 20,000 spam messages and in the midst of them are the three or four genuine messages you actually wanted to read, you can't "just delete" all of them. You have to weed your way through them in the hopes that you don't accidentally delete a genuinely wanted message. This is time consuming and frustrating for pretty much everybody out there who receives email.

Marketing, and by marketing I mean genuine, legitimate, professional marketing, has rules and guidelines surrounding it which career spammers do not follow. For example: I, as an individual or a citizen, cannot just brazenly put up a huge billboard on someone else's building or vehicle. I can't erect that same billboard on land I do not own. I can't call your phone number if you have explicitly entered it onto a "do not call" list. If I violate any of these rules, you could sue me. People do get sued for these infractions and they can face severe punishment including heavy fines and revocation of business licenses for doing so. I can't enter your house and put up posters promoting my product either. There are numerous civil laws which prevent me from performing such activities on property which is not mine.

There's also the small matter of the cost of these forms of marketing. You have to invest a huge amount of time, money and effort to pull of a successful billboard, radio or TV ad campaign. Coca Cola spend billions of dollars every year on TV ads alone and it's a very successful method of marketing for them. Part of the reason Coca Cola is not lumped in with the likes of these career spammers is because they want a very specific message to reach a fairly specific (though widespread) demographic: thirsty young people. If they started sending emails in the same way that these spammers are doing you can absolutely guarantee that they would be vilified and investigated for doing so. There are rules. Coca Cola is following them. Spammers are not.

Spammers ignore all of that and make the blanket statement that spamming is "just another form of marketing." We see billboards every day. Do we complain about them as much as we do about spamming? Of course not. Do we complain about all the TV ads we see every day? Some of us do. But again there's a difference.

If spammers ran the TV ad industry, not only would there be more ads, there would be several hundred of them in sequence, leaving you a measly 2 minutes of actual TV program to watch for every hour of TV you spent watching. People do hate TV ads, but again: there are very specific rules around how often, at what time, and over what period of time you will end up seeing an ad. If I was watching a new episode of Lost and the first commercial break showed me 79 TV ads for a bogus drugstore: I would turn off my TV. I would also complain to the producers of lost that they had "Lost" me as a viewer for good unless they stopped this rampant marketing of products which don't appeal to me. People have done this, and networks have paid attention to this type of complaint.

My comparison of spamming to urination still holds as far as I'm concerned. People urinate every day, several times a day. That doesn't mean that it's okay to urinate anywhere you want, or on people, or on public transit, or at the dinner table. There are specific places to do this, and if you want people to respect you and not be offended, you'll do it where you're supposed to. Nor should you be surprised when people get angry with you for doing so, especially if you keep doing it when asked to stop.

There are rules.

Why this is not obvious to spammers is thoroughly perplexing.

SiL

The Attack Continues...

Well the other shoe just dropped, I guess is the saying.

My old stomping grounds, thecarpcstore.com/phpbb2, was knocked offline this morning by (you guessed it) a DDOS attack.

Given the staggering amount of evidence present here and elsewhere on the web, who do you think it could be that would want to perform that kind of attack? Who would have access to the resources needed to do so? Why members of that old stalwart: bulkerforum.biz of course.

I expect it will be a very small number of days before the boasting begins on that selfsame web forum, and elsewhere.

But what does this accomplish, ultimately? All of the individuals who contributed to that forum: they still hate getting all the spam that these idiots keep sending. They hate that despite asking numerous times to stop sending all of it to them, these spammers haven't stopped. And they hate that not only do they continue to get these unwanted messages, very often they get them twice as much.

How is this good for anyone's business? How hard is it for these moron spammers to recognize that they should just clean their lists? Clearly they don't seem to understand that they're consistently targeting - and thereby abusing - the wrong audience for their so-called "products", and they're wasting a huge amount of people's time, energy and money. They're also ruining the whole experience of the internet in the process.

Spammers love to blame people like me because we "can't find the delete key." That completely misses the point: I didn't want it in the first place, and you just confirmed that you KNEW I didn't want it. That makes you, the spammer, doubly stupid.

Attacking sites which take on the task of compiling data regarding their operations, and reporting and exposing their underlying personnel, only further exposes how tenuous your "business" is in the first place. If all it takes to piss you off is bring more attention to how you operate, doesn't that make it that much more probable that we'll make sure that the same info gets into the hands of someone with more tangible tools to take you down? DDOS'ing our little forum is proof that we've been on the right track for a while, and it's further proof that the spammers somehow think that this information is "dangerous" to have in the public eye. Knocking that forum down won't stop the information from being made available. Nor will it stop those of us who have collaborated so closely over the past year and more to make sure we tell even more people about these scumbags.

Many members on bulkerforum.biz like to make the claim that (a) we're just jealous because they can profit from spamming and (b) that they are only making an "honest" living, and that we hate them for that. ("The terrorists hate our freedom")

They fail to provide any answer at all when it's pointed out that the "drugs" that they are promoting via their spam comes from sites that lie; they're not secure, they have absolutely no support or endorsement from the Better Business Bureau, or Visa, or VeriSign, and the drugs that they sell are fake.

They don't have any answer when we point out that stock spam is indeed an illegal and fraudulent act, which carries with it some very high fines and sentences. How is that an "honest" business.

Fake diplomas: how "honest" is that as a product? That's not legal either. How is it an honest way to make a living? Would you trust a guy to build your house if he had a fake engineering degree? How about your lawyer? How about your doctor? We're supposed to be envious that this is how they make a living? That's total bullshit.

Selling mortgage leads collected via spam may be profitable, but that doesn't make it any more legitimate when you're spamming it to people who aren't even in the US to begin with (easily more than half these idiots' lists are full of peoplle from Canada and overseas, none of whom are supposed to be offered these mortgages in the first place. The spammers know this, yet they don't clean them from their lists, and further to that: they ban the ip addresses for overseas users.

How is any of that "honest" or legitimate? And why on earth would any of us be envious of any spammer who said that they profited from it? People have already started dying from taking some of the fake drugs sold by these illegal pharmacies. What else will it take?

DDOS'ing our forum won't stop that information from getting out, and it won't stop even more people from remaining angry as hell at the people who continue to send this crap out.

There have been not one but two very high profile actions in the past few weeks in the courts regarding illegal spammers. I fully expect that this is only the beginning of a long line of arrests, convictions and guilty pleas still to come. The only question is when, not if, more will take place.

SiL / IKS / concerned citizen