Risk
10/30/2009
01:52 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Facebook Wins $711 Million From Spammer

In addition to financial damages, Sanford Wallace, among the first to be crowned "Spam King," may face jail time.

Facebook has won yet another massive judgment against a spammer who already owes $234 million to MySpace.

A California federal judge on Thursday granted Facebook's request for a default judgment against Sanford Wallace, who is known to have been involved with spamming since the mid-1990s and with junk faxing before that.

Court documents indicate that Wallace and an associate who was later dropped from the case spammed Facebook users with phishing messages. Those who clicked on the links and submitted login information to phishing sites allowed Wallace and his associate to then spam the phishing victim's friends, in turn generating more potential phishing victims. Facebook claims that Wallace also received payment for redirecting some spam recipients to Web sites that pay for referrals.

Facebook sought damages of more than $7 billion dollars, as allowed under the CAN-SPAM Act and the California business code.

Expressing skepticism in his ruling that such a figure would be proportionate to Wallace's offences, Judge Jeremy Fogel instead awarded Facebook $710,737,650.

"The record demonstrates that Wallace willfully violated the statutes in question with blatant disregard for the rights of Facebook and the thousands of Facebook users whose accounts were compromised by his conduct," Fogel said in his ruling.

Fogel also said that because of Wallace's willful violation of a temporary restraining order and injunction, the Court has referred the case to the U.S. Attorney's Office with a request that Wallace be prosecuted for criminal contempt.

Facebook won't have an easy time collecting its award. Wallace already owes MySpace $234 million from a judgment rendered in May, 2008.

Last November, Facebook won $873 million in damages -- the largest award to date under the 2003 Can-Spam Act -- from spammer Adam Guerbuez and his company, Atlantis Blue Capital.

Asked to specify how much of that award Facebook has been able to collect, a company spokesperson responded, "We continue to work on collecting as much as possible from Guerbuez and Atlantis Blue (likely far less than the full amount) and have hired a firm to help with this."

InformationWeek's Informed CIO series lays out 10 questions to ask about identity management. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0547
Published: 2015-07-04
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0548
Published: 2015-07-04
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0551
Published: 2015-07-04
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P2...

CVE-2015-1966
Published: 2015-07-04
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafte...

CVE-2015-2964
Published: 2015-07-04
NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report