Alleged Spammer's Bot-Net Partner More Difficult to Nab

Soloway was indicted Wednesday in Seattle on 35 counts of mail fraud, wire fraud, e-mail fraud, identity theft and money laundering in connection with advertising and sales of his company's "broadcast e-mail" software product and services. The so-called "Spam King" allegedly sent tens of millions of spam e-mails containing false and forged headers using a bot-net interface called Dark Mailer, investigators charged.

Dark Mailer, along with similar software like Send-Safe and Atomic Mailer, is ostensibly a bulk e-mailing engine but "it's not very useful" for that purpose on its own, said Patrick Peterson, vice president of Technology at e-mail and Web filter appliance vendor IronPort.

Dark Mailer's real value proposition is as a portal to networks of compromised computers used to relay billions of spam e-mails a day, Peterson said.

"The bad guys [who build products like Dark Mailer] use it themselves, they sell it themselves and they can sell it stand-alone. But it's not very useful, so they sell it to grant access to their zombies," he said.

"The people behind Send-Safe and Dark Mailer, the main way they're driving most of their business is monetizing their zombie infrastructure. They've built bigger zombie networks than they know what to do with."

The man who authored Dark Mailer is one Nikhil Kumar Pragji, who operates out of Queensland, Australia, according to international spam-tracking organization The Spamhaus Project.

Dark Mailer is available for download at such online sources as Windows Marketplace, where it is listed at $499 for a licensed version. It is supposedly sold by a company called Dark Systems, which lists offices in New York, but when CRN visited that Manhattan address no business by that name was there.

The interface on such products reveals clues that indicate what its purpose really is, said Vincent Hanna, an investigator for the non-profit Spamhaus Project.

"One of the tell-tale signs on Send-Safe is that it has a list of thousands of first names that can be cross-matched with last names. That makes it look like e-mails are being sent from real people. There's no reason to have something like that for legitimate purposes, so it tells you it is intended to be used for spamming," said Hanna, who is based in Amsterdam, The Netherlands.

Hanna described an "enterprise version" of Send-Safe that puts a second server behind the one controlling a particular bot-net of proxy computers. Because the server controlling the proxies is relatively easy for investigators to track, this second, more invisible server is used by bot-net administrators to take on the actual workload of sending out spam orders or other tasks. The proxy controller unit becomes more expendable and can be run from a location less likely to be tied by law enforcement to the bot-net administrator.

"It's much tougher to find that back-office computer. ISPs can sometimes help us to discover them by tracking where traffic is going," Hanna said.

The cross-jurisdictional nature of bot-nets makes it very difficult for law enforcement to bring charges against bot-net architects. A spokesperson for the U.S. Attorney's Office, which got the indictment against Soloway, said it was unclear whether the government would pursue the Dark Mailer angle.

"I can't predict where the investigation will go, but this U.S. Attorney's office has experience pursuing bot-nets and spam," said Emily Langley, public affairs officer for the U.S. Attorney's Office in the Western District of Washington.

Langley pointed to her office's conviction of IRC bot-net architect Christopher Maxwell of Vacaville, Calif., last August as an example of a successful prosecution of such a case.

Soloway was probably a "small fry" compared to the people who create zombie networks, said Matt Seargant, senior anti-spam technologist at MessageLabs, a vendor of hosted e-mail and Web filtering tools.

Still, the arrest of a man who is alleged to have made millions of dollars selling spam services is welcome news, Seargant said.

"Certainly Soloway has been one of the longest running spammers still in the business. So this is good news. This is the first federal prosecution under the CAN-SPAM Act. It's one of those laws that's not as strong as the anti-spam people would like, but this shows that the law has some teeth," he said.

With additional reporting by David Raikow and Fahmida Rashid