A federal judge has ordered spammers to pay more than $2.5 million for violating federal laws including the CAN-SPAM Act. SecureWorks provided expert testimony including an analysis of spam messages and an explanation of the methods used to send the spam.
This is the first case of its kind involving "web form hijacking" or, technically, the abuse of open HTTP-to-SMTP proxies.
Forms on websites are often used to initiate email messages to people who handle feedback, customer service, and order fulfillment. Spammers have figured out how to hijack these forms and use them to send their messages to as many recipients as they wish. Recipients often mistakenly believe the company whose website was hosting the vulnerable form is endorsing the advertised products or services. Meanwhile, the company's reputation is damaged and legitimate business traffic from their networks could be blocked as a result of the unintentional association with the spammer.
In this case, Sili Neutraceuticals, LLC, and Brian McDaid operated as Kaycon, Ltd., and used web form hijacking to send spam messages which U.S. District Court Judge David H. Coar agreed violated CAN-SPAM. The spammers also violated the FTC Act by making false and unsubstantiated claims regarding the Hoodia weight-loss and the HGH (human growth hormone) anti-aging products promoted in the spam messages and on their website.
Based in part on the assistance provided by SecureWorks, an injunction against the defendants' operations was issued, their assets frozen, and a default judgment was entered against the defendants for $2,569,851.77. SecureWorks is honored to have had the opportunity to assist the FTC in its mission of protecting America's consumers.
See the FTC news release here.
Other files related to this case can be found here.
Today's Security Strategy Must be Future-Proof
CTU Research Incident Response and Management Information Security Intelligence Risk Management