IT Security Blog

23 July 2008

Can we please stop calling people "Spam Kings"?


I've officially had enough of the moniker "Spam King."  In an attempt to continually overplay the significance of every American spammer arrest, the media insists on calling every arrested, indicted, and convicted spammer a "Spam King."

The latest example is Eddie Davidson, who recently walked away from a minimum security lockup in Florence, CO (by the way, how is Colorado getting so popular for spammers lately?) while serving his 21-month sentence for mass mailing stock pump and dump spam on behalf of nearly 20 companies. According to this article, he is yet another to earn the spam monarch title.

If the numbers reported in the article posted by thedenverchannel.com are true, hundreds of thousands of stock pump and dump spam messages (the time frame over which these messages were sent was not given) hardly put Mr. Davidson in the realm of a king in the spammer community. Compare that to the hundreds of millions of messages that MX Logic alone processes on a daily basis and I would put him more into the realm of a child learning to walk. If you want your true Spam Kings, check out the Top 10 Worst ROKSO Spammers according to Spamhaus here.

As I've stated previously, I am certainly not bemoaning the fact that governments around the world are stepping up their efforts in order to get as many spammers off the streets as they possibly can, but can we please not sensationalize them by calling them Spam Kings?

Posted by smasiello at 9:13 AM

30 June 2008

Nugache Worm Author Pleads Guilty

Another one bites the dust...

Jason Michael Milmont, the author of the Nugache worm and the creator of what came to be known as "Fast Flux," has pleaded guilty to one count of unlawfully accessing computers, a felony, in a Wyoming federal court.

Fast Flux is an abuse of the domain name system (DNS) by which botnets will continually rotate the IP addresses associated with a malware infected web site to evade detection and forensic analysis.  This constant mobility makes the botnet very difficult to shut down.

There is also an evasion tactic called "Double Flux," which is similar to Fast Flux but rotates not only a domain's responding IP addresses but also that domain's authoritative name servers. It is called "Fast" flux because these IP addresses rotate as often as every couple of minutes.

The Nugache worm was used to launch distributed denial of service (DDoS) attacks as well as to steal personal information, such as credit card numbers, from the computers it infected. It has been estimated that Milmont controlled as many as 15,000 computers on his botnet.
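
The rotation described above leaves a measurable trace in passive DNS data: short TTLs, many distinct addresses spread across unrelated networks and, for double flux, churning name servers as well. The following is an added example, not code from this blog; the observation rows, the `.example` domains, the private addresses and every threshold are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

def build_sample():
    """Constructed passive-DNS rows: (epoch_s, domain, rtype, value, ttl)."""
    obs = [(t, "shop.example", "A", "192.0.2.10", 3600) for t in (0, 900, 1800)]
    obs.append((0, "shop.example", "NS", "ns1.shop.example", 86400))
    obs.append((0, "flux.example", "NS", "ns1.flux.example", 86400))
    for i in range(8):  # one observation every two minutes
        t = i * 120
        # Load-balanced site: short TTL, but a small pool inside one network.
        obs.append((t, "cdn.example", "A", f"10.50.0.{i % 4 + 1}", 60))
        # Fast flux: a new address in a different network on every lookup.
        obs.append((t, "flux.example", "A", f"10.{i}.7.{i + 1}", 180))
        # Double flux: the A records and the name servers both rotate.
        obs.append((t, "dflux.example", "A", f"10.{i + 100}.3.{i + 1}", 120))
        obs.append((t, "dflux.example", "NS", f"ns{i}.dflux.example", 120))
    return obs

def classify(observations, window=1800, max_ttl=300, min_ips=5, min_nets=3, min_ns=4):
    """Label each domain stable, single-flux or double-flux (thresholds assumed)."""
    latest = max(row[0] for row in observations)
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "ns": set(), "ttl": None})
    for ts, domain, rtype, value, ttl in observations:
        if ts < latest - window:
            continue  # outside the observation window
        s = stats[domain]
        if rtype == "A":
            s["ips"].add(value)
            s["nets"].add(int(ip_address(value)) >> 16)  # group by /16
            s["ttl"] = ttl if s["ttl"] is None else min(s["ttl"], ttl)
        elif rtype == "NS":
            s["ns"].add(value)
    verdicts = {}
    for domain, s in stats.items():
        rotating = (s["ttl"] is not None and s["ttl"] <= max_ttl
                    and len(s["ips"]) >= min_ips and len(s["nets"]) >= min_nets)
        if rotating and len(s["ns"]) >= min_ns:
            verdicts[domain] = "double-flux"
        else:
            verdicts[domain] = "single-flux" if rotating else "stable"
    return verdicts

if __name__ == "__main__":
    for name, verdict in sorted(classify(build_sample()).items()):
        print(f"{name:15} {verdict}")
```

The network-dispersion check is what keeps the short-TTL `cdn.example` pool from being flagged; legitimate content delivery networks can still trip heuristics like these, so treat a hit as a lead for review rather than a verdict.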

Under the terms of his deal Milmont has agreed to pay approximately $74,000 in damages and faces up to five years in federal prison. 

In my opinion, this story is only significant because of Milmont's contribution to the botnet community with how his Nugache worm used peer-to-peer networking technology and fast flux in order to create a fully redundant, interconnected network to prevent his botnet from easily being shut down.  The size of the Nugache botnet (about 15,000 computers) pales in comparison to some of the botnets that we are seeing today, but the work done by Milmont paved the way for worms like Storm which heavily relied on fast flux to stay alive.

Posted by smasiello at 9:46 AM

18 March 2008

Soloway Pleads Guilty, Faces Up to 26 Years in Prison


Back in May, 2007 Robert Alan Soloway, a "Spam King" (as he was dubbed) was arrested on criminal charges by the Justice Department (read the original blog post with my thoughts on this event) and at the time there was a lot of discussion amongst the media as to whether or not this was a significant event.  Would spam volumes fall?  What effect would it have on the spammer community?  Have we won a major battle in the fight against email and internet pollution?

My opinion then was that it wouldn't have an effect and the numbers over the past 10 months since his arrest have backed up that claim.  Since May, 2007 email spam volumes have actually increased by about 150%!

So, did this have an effect on the spammer community?  Clearly not from the standpoint of the cyber criminal's use of email as an effective delivery vehicle.  If it had any effect at all, it was from the perspective of further emphasizing that spammers should remain as behind the scenes and as stealthy as possible.  Soloway very much bucked the trend in this regard and even went so far as to mock a lawsuit filed against his company by Microsoft.

Based on Soloway's guilty plea he faces up to 26 years in prison.  His sentencing is scheduled for June 20th.  So, the question remains: "Have we won a major battle in the fight against email and internet pollution?"  I believe the answer to the question is "Yes", but true success in this war is clearly not defined by victories in small, individual battles.  For every spammer arrested, prosecuted, and fined there are many others ready and willing to carry the torch.



Posted by smasiello at 10:01 AM

31 May 2007

How big is the Soloway arrest?

I was talking with our PR firm today with regards to the importance (or lack thereof) of the Robert Soloway arrest. Since it seems as if everyone has an opinion about the topic, myself included (I'm not typically known for lacking an opinion on something, for better or worse), I figured that I would make mine known.

Before I get labeled as a naysayer, let me first say that anytime a spammer is arrested, particularly one that was responsible for as much spam and fraud as he was responsible for, it is a good day. Soloway operated in a manner where he didn't make great strides to hide who he was or what he did. He is widely known throughout the industry both for his "business model" as well as his arrogance and confidence that he would never be caught. So much for that.

The bigger question at hand though is whether or not the arrest of Soloway will make any real difference in the amount of spam that is on the internet? My opinion is that it won't. If it does, it will only be a short term blip on the radar. There are certainly enough other people out there ready, willing, and able to pick up the slack in Soloway's absence. There are more people jumping into the spamming fray on a daily basis, not to mention that Soloway wasn't the biggest spammer out there anyway. Yes, he was a big fish in the pond, but there are certainly bigger fish still out there.

The spam fight is by no means over. This is a great victory, but is only one small battle in the overall picture. Hopefully we will see more of these arrests coming in the near future because a big part of the spammer bravado is the feeling that they cannot and will not be caught. Until more of the big fish are taken offline there is little to deter more little fish from jumping into the pond with the same arrogance.

Posted by smasiello at 10:00 AM