January 17, 2006
Under attack, spammer begs for mercy
A follow up to my recent post about a controversial campaign to pollute a mortgage spammer's sites with bogus orders:
Darren Brothers reports that Alex Polyakov, the target of his Kick a Spammer in the Nuts Daily retaliatory campaign, has cried uncle.
Brothers says he got a call early this morning from Polyakov. (Brothers has posted a WAV file of the call. I created a smaller MP3 version of the recording, which can be downloaded here.) On the tape, an excited Polyakov complains that Brothers' "Refi Retaliator" program is "killing my business."
"How much money do I have to pay you? Surely we can work out something together!" says Polyakov.
During the 13-minute call, Polyakov claims that his "interest is only to make honest dollars." As a peace offering, Polyakov proposes to create a global opt-out list, "the anti list of all anti lists." Polyakov says he has no interest in sending spam to people who don't want to receive it, and he guarantees that he will persuade all his spam-business associates to clean their mailing lists.
In the past, such spammer-run global remove lists have been disasters. I can't see why a Polyakov-run list would be any different -- especially since he blames a lot of his problems on rogue spam affiliates.
Brothers triumphantly posted word of his phone call on the Nanae newsgroup today. He added this warning to spammers reading the group:
Hey, spammers... the Refi Retaliator can easily be reconfigured for any site selling any service or product... and it's coming to a website you own in the near future if you keep spamming. It's in the public domain now, so anyone can use it. And there are millions of 'anyones' you've pissed off.
I'd guess that this little battle isn't over. At a minimum, I'd expect Polyakov to devise a technical means of thwarting the Refi Retaliator. As JD Falk commented on my previous posting, "Has there ever been any indication that spammers will stop spamming if attacked? Far as I can tell, it just makes them more determined to strike back."
Posted by brian at January 17, 2006 11:11 AM
It's cool to be able to make spammers beg for mercy, but I wonder if it's an effective way to fight spam.
The approach used by Blue Security's Blue Frog (http://www.bluesecurity.com) is a better way to fight spam AND get results.
They have created the "global opt out list", known as the "Do Not Intrude Registry" and their Blue Frog application automatically fills spammers' website forms with complaints about spam they sent you - much like what Brothers is doing.
Posted by: EricAld at January 18, 2006 4:47 AM
For a long time I was filling out spamvertised mortgage forms with real looking bogus info. The spammers were then selling those bogus leads to mortgage brokers who then find complaints filed with the FTC and FCC. (See Dynasty Mortgage).
Posted by: McWebber at January 18, 2006 12:22 PM
Good friggen riddance. It's a war - and retaliation happens in a war. Let them strike back..
Posted by: Patrick Davidse at January 18, 2006 7:48 PM
I love this article. This is too damn funny. Some spammer sent out hundreds of thousands of emails last month and spoofed the "FROM" address, inserting an email address at my email domain.
I received about 10,000 bounce back messages over the course of a week, and a number of angry emails from people who said I was spamming them.
The email originated from NEXTAG (www.nextag.com) and was a REFINANCE solicitation SPAM message.
It turns out that NEXTAG then sells each user name to mortgage companies for $5.00 to $50.00 per name, depending on the amount a person is interested in borrowing. The form was hosted on a number of hijacked PC's and Servers. I filled out the bogus form just to see who was spoofing email addresses in my domain, and within minutes of filling out the spammers REFI form, I started receiving phone calls from Mortgage companies from around the company.
With a little social engineering, I found out where all of the Mortgage companies who contacted me obtained their dataâ€¦ NEXTAG.COM.
I contacted NEXTAG and asked them about their spamming practices. They claimed that they did spam ever, they do not have affiliates send out emails on their behalf, and that they handled all of their own direct email marketing. I sent them the URL from one of the SPAM bounce backs I received that was hosted on a hijacked PC, and they said they did not know anything about the form. I filled out the form again and timed how long it took for someone to call the phone number I put in the form. It took exactly 61 seconds. I shared this information with NEXTAG.COM and they immediately stated they were not responsible, and then hung up on me.
I received phone calls from over 173 mortgage companies over the next week. I saved every phone number, name and email. After collecting enough names, I wrote a little macro to fill out the spammers form, inserting the contact information from each one of the Mortgage companies. The end result, NEXTAG was selling their own customers contact information back to their customers. Too damn funny!!!
Posted by: Shane at January 18, 2006 10:48 PM
Wow, you people are fucking stupid.
2 articles on a stupid russian who needs a tech?
Left out in the cold this winter perhaps?
No good spam news?
the little people.
Posted by: Spammer #1 at January 19, 2006 6:46 PM
How did the spammer end up getting his home phone #, did he give it to him?
Posted by: Jeff S. at January 19, 2006 11:42 PM
you anti's remind me of the f***ing UN
Posted by: someone at January 20, 2006 9:09 AM
Jeff, good question. Based on other things Darren has told me, I'd guess he did NOT give out his phone number to Polyakov (or to Kuvayev).
Posted by: Brian at January 20, 2006 9:11 AM
"someone" - Except that anti-spammers are good at what they do-As in this post-, contrary to the U.N.
Posted by: Eik C at January 20, 2006 8:48 PM
you aint that good
oh whats this i see
a nice house
1 no sorry 2 no sorry three cars in the drive way
& no lawsuits.
hehe I love my job.
as I said before you aint that good, sonny jim :)
Posted by: not just anyone but someone at January 21, 2006 3:40 PM
Maybe not an effective way to fight spam, but it sure is funny!
Posted by: Christi at January 22, 2006 10:14 PM
Spam me once, and let's see how much you 'love your job', scumbag. I'll run you through the wringer just like I did Kuvayev and I'm currently doing to Polyakov.
There's no escape for spammers... there are more of us than there are of them, and we've shown that we can do them a great deal of damage.
Posted by: SpamSlayer at January 22, 2006 11:19 PM
I'm still having a few problems with the refi-retaliator. The main problem is that when I want to fill their forms with fake data, it says that I have no stuff in my "cart". Yeah. It's one of those websites. Any suggestions on how to counter this? One example is a site called "fastherb.biz". I can't fill their forms because they have that whole "shopping cart" thing like many other spammers.
Posted by: Eik C at January 23, 2006 2:37 PM
Hey SpamSlayer, remember rule #1. This guy
doesn't have the guts to post his real name or proof so odds are he's a bottom of the barrel spammer with poor credit and no savings account.
Posted by: at January 24, 2006 11:02 AM
Well, the house is ok. However, those are some really cheesy looking cars.
Robert... I would prepare yourself to lose all of them soon.
"oh whats this i see
a nice house
1 no sorry 2 no sorry three cars in the drive way
& no lawsuits.
hehe I love my job."
Posted by: Sparkey at January 29, 2006 10:01 PM