The arrest of "Spam King" Robert Alan Soloway might not reduce the junk mail in your inbox, but it has certainly raised awareness about the strategies spammers are employing these days.
The U.S. Attorney arrested Soloway, the 27-year-old mastermind behind a large volume of the world's spam, on Wednesday last week. With the arrest, authorities made public some of the strategies and tactics of a notorious spammer who sent tens of millions of e-mail messages to advertise his company's products and services.
According to the U.S. Attorney's office, Soloway constantly moved his operation from host to host and domain to domain. It was hosted on a minimum of 50 different domains. Since 2006, Soloway registered the domain names through Chinese ISPs in an apparent effort to hide their true ownership. And, in at least one instance, Soloway used another person's credit card to pay for the domain name used to host the Web site for his firm, Newport Internet Marketing Corporation.
Forged E-Mail, Fake Headers
The spammed messages used to advertise Soloway's company contained false and fraudulent header information, and were relayed using networks of proxy computers, or botnets, to disguise the originating IP addresses of the spam, according to the U.S. Attorney's office.
Many of the false headers contained forged e-mail addresses or domain names that belonged to other people, businesses, or organizations, causing these innocent parties to mistakenly be blamed for the spam that Soloway transmitted. As a result, innocent parties whose e-mail addresses and domain names Soloway forged sometimes had their legitimate addresses "blacklisted" as spam sources.
Soloway refused to remove e-mail addresses from his distribution lists, leaving some victims with no choice but to close their e-mail accounts or cancel established domain names to stop the spamming, the U.S. Attorney's office reported. Soloway and his company have been the subject of hundreds of complaints to the Federal Trade Commission, the Better Business Bureau, and the Washington State Attorney General's Office.
As part of the indictment, the government is seeking $772,998 as proceeds of Soloway's unlawful activities.
Rise of Malicious Spam
The experts at security firm Sophos note that up to 90 percent of all spam is now relayed through zombie computers -- those PCs hijacked by Trojan horses, worms, and viruses and taken over by hackers. Zombie computers do not need to be based in the same country as the computers being used to send the spam.
Despite the Spam King's arrest, there are plenty of botnets and zombies still up and running, so the volume of spam is not expected to drop. In fact, there are about 200 major spammers in the world, so when one is taken offline -- through arrest or some other circumstance -- there is a momentary drop in spam, but that slack is quickly taken up by other spammers, according to Carole Theriault, a senior security analyst at Sophos.
"Even if we did see a spam decrease -- which will only come if people stop responding to messages, clicking on the links, and buying the advertised wares -- it would be great for a business's resources, which can be wasted processing this garbage," Theriault said.
The Human Factor
Reputable antispam products catch around 98 percent to 99 percent of all spam, Theriault explained, noting that, combined with a firewall, up-to-date antivirus software on a well-patched network makes it difficult for malware to cause much havoc.
Today's security infrastructure also can include Web security to stop employees and users from visiting infected or malicious Web sites, network access control elements to stop infected or vulnerable machines from accessing the network, and so on, which further adds to the protection.
But there is still the human factor. "Humans also have an important job in safeguarding the network from spam and malware: Administrators need to know their network and what they need to protect it, and users need to know how to behave online, and what to do if they screw up," Theriault said. "Tools like software can help, but education is also paramount."