Risk
10/30/2009
01:52 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Facebook Wins $711 Million From Spammer

In addition to financial damages, Sanford Wallace, among the first to be crowned "Spam King," may face jail time.

Facebook has won yet another massive judgment against a spammer who already owes $234 million to MySpace.

A California federal judge on Thursday granted Facebook's request for a default judgment against Sanford Wallace, who is known to have been involved with spamming since the mid-1990s and with junk faxing before that.

Court documents indicate that Wallace and an associate who was later dropped from the case spammed Facebook users with phishing messages. Those who clicked on the links and submitted login information to phishing sites allowed Wallace and his associate to then spam the phishing victim's friends, in turn generating more potential phishing victims. Facebook claims that Wallace also received payment for redirecting some spam recipients to Web sites that pay for referrals.

Facebook sought damages of more than $7 billion dollars, as allowed under the CAN-SPAM Act and the California business code.

Expressing skepticism in his ruling that such a figure would be proportionate to Wallace's offences, Judge Jeremy Fogel instead awarded Facebook $710,737,650.

"The record demonstrates that Wallace willfully violated the statutes in question with blatant disregard for the rights of Facebook and the thousands of Facebook users whose accounts were compromised by his conduct," Fogel said in his ruling.

Fogel also said that because of Wallace's willful violation of a temporary restraining order and injunction, the Court has referred the case to the U.S. Attorney's Office with a request that Wallace be prosecuted for criminal contempt.

Facebook won't have an easy time collecting its award. Wallace already owes MySpace $234 million from a judgment rendered in May, 2008.

Last November, Facebook won $873 million in damages -- the largest award to date under the 2003 Can-Spam Act -- from spammer Adam Guerbuez and his company, Atlantis Blue Capital.

Asked to specify how much of that award Facebook has been able to collect, a company spokesperson responded, "We continue to work on collecting as much as possible from Guerbuez and Atlantis Blue (likely far less than the full amount) and have hired a firm to help with this."

InformationWeek's Informed CIO series lays out 10 questions to ask about identity management. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.