Risk
10/30/2009
01:52 PM

Facebook Wins $711 Million From Spammer

In addition to financial damages, Sanford Wallace, among the first to be crowned "Spam King," may face jail time.

Facebook has won yet another massive judgment against a spammer who already owes $234 million to MySpace.

A California federal judge on Thursday granted Facebook's request for a default judgment against Sanford Wallace, who is known to have been involved with spamming since the mid-1990s and with junk faxing before that.

Court documents indicate that Wallace and an associate who was later dropped from the case spammed Facebook users with phishing messages. Those who clicked on the links and submitted login information to phishing sites allowed Wallace and his associate to then spam the phishing victim's friends, in turn generating more potential phishing victims. Facebook claims that Wallace also received payment for redirecting some spam recipients to Web sites that pay for referrals.

Facebook sought damages of more than $7 billion, as allowed under the CAN-SPAM Act and the California business code.

Expressing skepticism in his ruling that such a figure would be proportionate to Wallace's offences, Judge Jeremy Fogel instead awarded Facebook $710,737,650.

"The record demonstrates that Wallace willfully violated the statutes in question with blatant disregard for the rights of Facebook and the thousands of Facebook users whose accounts were compromised by his conduct," Fogel said in his ruling.

Fogel also said that because of Wallace's willful violation of a temporary restraining order and injunction, the Court has referred the case to the U.S. Attorney's Office with a request that Wallace be prosecuted for criminal contempt.

Facebook won't have an easy time collecting its award. Wallace already owes MySpace $234 million from a judgment rendered in May, 2008.

Last November, Facebook won $873 million in damages -- the largest award to date under the 2003 CAN-SPAM Act -- from spammer Adam Guerbuez and his company, Atlantis Blue Capital.

Asked to specify how much of that award Facebook has been able to collect, a company spokesperson responded, "We continue to work on collecting as much as possible from Guerbuez and Atlantis Blue (likely far less than the full amount) and have hired a firm to help with this."
