Risk
10/30/2009
01:52 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Facebook Wins $711 Million From Spammer

In addition to financial damages, Sanford Wallace, among the first to be crowned "Spam King," may face jail time.

Facebook has won yet another massive judgment against a spammer who already owes $234 million to MySpace.

A California federal judge on Thursday granted Facebook's request for a default judgment against Sanford Wallace, who is known to have been involved with spamming since the mid-1990s and with junk faxing before that.

Court documents indicate that Wallace and an associate who was later dropped from the case spammed Facebook users with phishing messages. Those who clicked on the links and submitted login information to phishing sites allowed Wallace and his associate to then spam the phishing victim's friends, in turn generating more potential phishing victims. Facebook claims that Wallace also received payment for redirecting some spam recipients to Web sites that pay for referrals.

Facebook sought damages of more than $7 billion dollars, as allowed under the CAN-SPAM Act and the California business code.

Expressing skepticism in his ruling that such a figure would be proportionate to Wallace's offences, Judge Jeremy Fogel instead awarded Facebook $710,737,650.

"The record demonstrates that Wallace willfully violated the statutes in question with blatant disregard for the rights of Facebook and the thousands of Facebook users whose accounts were compromised by his conduct," Fogel said in his ruling.

Fogel also said that because of Wallace's willful violation of a temporary restraining order and injunction, the Court has referred the case to the U.S. Attorney's Office with a request that Wallace be prosecuted for criminal contempt.

Facebook won't have an easy time collecting its award. Wallace already owes MySpace $234 million from a judgment rendered in May, 2008.

Last November, Facebook won $873 million in damages -- the largest award to date under the 2003 Can-Spam Act -- from spammer Adam Guerbuez and his company, Atlantis Blue Capital.

Asked to specify how much of that award Facebook has been able to collect, a company spokesperson responded, "We continue to work on collecting as much as possible from Guerbuez and Atlantis Blue (likely far less than the full amount) and have hired a firm to help with this."

InformationWeek's Informed CIO series lays out 10 questions to ask about identity management. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7178
Published: 2014-11-28
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

CVE-2014-7850
Published: 2014-11-28
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.

CVE-2014-8423
Published: 2014-11-28
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

CVE-2014-8424
Published: 2014-11-28
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.

CVE-2014-8425
Published: 2014-11-28
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?