Mark Dalby

A Las Vegas man accused of sending more than 27 million spam messages to Facebook users faces federal fraud and computer tampering charges that could send him to prison for more than 40 years, according to a grand jury indictment.

Sanford Wallace, the self-proclaimed “Spam King”, pleaded not guilty during an initial court appearance last week after being indicted July 6 on six counts of electronic mail fraud, three counts of intentional damage to a protected computer and two counts of criminal contempt.

The indictment filed in San Jose federal court said Wallace compromised about 500,000 Facebook accounts between November 2008 and March 2009 by sending massive amounts of spam through the company’s servers on three separate occasions.

If you get an e-mail message telling you a hotel has erroneously charged your credit card account, be careful. The odds are that it’s part of a new spam campaign that could infect your computer.

The messages started popping up in recent days and there are already hundreds of variants on the same theme: A hotel wrongly charged a credit card number and the victim is supposed to fill out an attached form to process the refund.

“Please see the attached form. You need to fill it out and contact your bank for return of funds,” read one such message, titled “Hotel Breakers Palm Beach made wrong transaction.” The ‘refund’ form is actually a malicious Trojan horse program that installs fake antivirus software on the victim’s computer, according to Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, who blogged about the spam messages Wednesday.

I stopped following the spam problem in detail a while ago, but assumed that China was a major source of the stuff. It just sort of seems like it would be, but it turns out this is no longer the case.

In most countries it’s cheap and easy to register a domain name. Not in China where the government makes you run things past them. A side-effect was to kill off spamming from Chinese domains. It all began with a directive from CNNIC (China Internet Network Information Center), which administers the .CN domain:

•     Domain name applicants need to submit the formal paper based application material when making the online application to the registrar. The application material includes the original application form with business seal, company business license (photocopy), and registrant ID (photocopy).
•     Registrar should carefully review the application material. When application is deemed qualified, registrar need to submit the application material via fax or E-mail to CNNIC, and withhold the original application material.

Spammers need for domain acquisition to be cheap and fast, as they will lose them frequently. These procedures make it uneconomical for spammers to use Chinese domains for their links.

US talkshow host Jay Leno, singer Madonna, actress Cameron Diaz and President Barack Obama share an unpleasant secret their publicists are powerless to do anything about.

A new analysis by security company BitDefender has identified these celebrities as the most commonly-used lures in US spam campaigns, usually combined with bogus and sensational headlines designed to pique the interest of naive Internet users.

These four names were connected to a large proportion of a sample 25 million spam messages looked at by the company, most of which were pushing pharmaceutical products. Other less commonly used famous people included author Stephen King, film director George Lucas, and Anglo-Australian rock act, AC/DC.

The Wellington-based IT services firm Xannax has changed its name to XWL, due to the similarity with the word “Xanax”; the name for an antidepressant drug commonly sold over the internet and often hawked by spammers.

In a statement announcing the change, XWL business development manager Andrew Thompson-Davies says, “When we originally came up with the name Xannax, to us it was simply a catchy palindrome that stood out a bit from the crowd with, we thought, no real-world associations or connotations.

“But move ahead a decade or so, and we discover that the word xannax is now being treated as a spam keyword by the world’s spam filtering systems.