[1][LINK] [2]index [3]home [4]News [5]audio [6]search [7]help [8]techcity computerworld Spam attacks send angry firms to court Stewart Deck and Matt Hamblen 08/18/97 Internet spam is no longer a joke to angry businesses. They increasingly are fighting back with civil and criminal lawsuits and offering rewards for information leading to arrests. In some cases, users are even trying chargeback tactics. Driving the get-tough attitude is mounting frustration over crippled and lost business because of overloaded electronic-mail servers, trademark infringement and the nefarious combination of return address impersonation known as spoofing and blasts of spamming E-mail advertisements. Faced in some instances with death threats, exasperated and angry World Wide Web site administrators are trying anything and everything including offering bounties for the names of spammers and risking online vendettas in the process. IMAGE AT STAKE Particularly vulnerable to spamming which some observers call ``Internet terrorism'' is a company's image, which businesses spend untold dollars building, maintaining and protecting. One high-profile example is Samsung America, Inc.'s nightmare, which began July 19 when a fake advertisement blasted across the Internet to millions of electronic mailboxes. The angry replies caught Samsung by surprise it hadn't sent out the advertisement. Other messages bearing Samsung's return address have swamped unsuspecting mailboxes since then, including a missive purportedly from a Samsung attorney claiming ``fraudulent and actionable transgressions'' on the recipient's part. Two of Samsung's Web-hosted clients La Costa Resorts and Big Dog Sportswear also had suggestive and misleading advertising messages sent out with their names attached. They, in turn, have been inundated with complaints. Samsung has been so hard hit getting 6,000 to 10,000 E-mail messages per day and hundreds of telephone calls worldwide that the FBI is looking into the matter. Samsung has spent millions of dollars on its brand image and desperately wants the spamming to stop. ``We assume whoever is doing this buys lists of E-mail addresses from someone,'' said Sang Cho, Samsung's in-house counsel, in an interview with Computerworld. But the company doesn't know why or who holds the grudge. It intends to file civil and criminal charges when the perpetrator is unmasked. Fake ads are the latest twist in spoofing and spamming. The Dr. Seussian terms describe an underhanded sneak attack that tries to get ads in front of as many unsuspecting eyeballs as possible by impersonating a responsible sender. For example, Strong Capital Management, Inc., a financial services company in Menomonee Falls, Wis., is suing a spammer for allegedly stealing its address, thinking that recipients would be more likely to open mail from a prestigious firm than an ordinary Internet marketer. Such mail is hated by recipients and is a bane of Internet service providers. FIGHTING BACK But now the impersonated legions are beginning to fight back. Although there are no results in any of these cases yet, here is a sampling of businesses going on the offensive with their beefs: Two operators at SFF Net, a commercial online service used by science fiction and fantasy writers, have filed suit in Kings County, N.Y., against Carlos Lattin for sending out spamming E-mails with their forged return addresses. Their lawsuit claims trademark infringement, unfair competition, defamation and false designation of origin. The plaintiffs used New York laws to make the alleged impersonator's Internet service provider divulge Lattins name. A novice junk mailer was sued in May by an online floral information service run by Tracy LaQuey Parker, an Internet author and education market development manager at Cisco Systems, Inc. Parker opened the site's electronic mailbox one morning in March and saw what Samsung, La Costa and SFF Net have experienced: an avalanche of returned E-mail and angry letters. ``I was shocked by the onslaught,'' Parker said. Jon Tara, operator of San Diego's Live.Net site, has experienced the same problem, but he hasn't been able to track down the spoofing impersonator. He is offering a $100 reward for positive personal identification of the spoofer. A message on the site from Tara to the spamming perpetrator says, ``I am going to hound you to the ends of the earth once I find out who you are. You will regret having used a Live.Net return address. If you are lucky, I will never find out who you are. If you are unlucky, I will. It will be the worst luck that you've ever had.'' Tara has fought with a service provider who has stopped shutting down spammers and wont provide Tara with identity information, claiming privacy requirements. The provider has called Taras bounty offer vigilantism. In February, Matthew Seidl, a Colorado University computer science student, filed a lawsuit against Greentree Mortgage and an unnamed bulk E-mailer for allegedly sending out a batch of spam with Seidl's ``nobody@localhost.com'' address in the From and Return-Path headers. Seidl said in an Internet posting that he decided to take ``whatever legal actions we have to take to restore our good name and recover the damages we suffered. We are doing our part to put an end to this type of net abuse.'' UNLIMITED ACCESS Such attacks are difficult to deal with, said Nina Burns, an analyst at Creative Networks, Inc. in Palo Alto, Calif. ``Wackos have so much access to information that it becomes scary for an individual,'' she said. ``But until authentication and digital signature technology become more widespread, I'm not sure what the answer is.'' ``We need some sort of digital Caller ID,'' said Jonathan Wheat, an analyst at the National Computer Security Association in Carlisle, Pa. Until then, Wheat said, this may be the price we pay for ever-increasing Internet connectivity. _________________________________________________________________ See related stories: * [9]Service providers won't release names * [10]Internet providers fight back against spammers [11]index [12]home [13]News [14]audio [15]search [16]help [17]techcity computerworld [18][LINK] Copyright © 1997 @Computerworld. All rights reserved. Reproduction in whole or in part in any form or medium without express [19]written permission of @Computerworld is prohibited. Computerworld and @Computerworld and the respective logos are trademarks of Computerworld, Inc. References 1. http://ads01.focalink.com/SmartBanner/page/9.1.3.1-290 2. http://www.computerworld.com/home/toc.html 3. http://www.computerworld.com/index.html 4. http://www.computerworld.com/news/index.html 5. http://www.computerworld.com/realaudio/index.html 6. http://cwlive.cw.com:8080/home/search.nsf/FtFieldSearch?OpenForm 7. http://www.computerworld.com/help/index.html 8. http://www.computerworld.com/techcity/index.html 9. http://cwlive.cw.com:8080/home/print9497.nsf/31a3dd8c957f7b92852564b8006f727... 10. http://cwlive.cw.com:8080/home/print9497.nsf/31a3dd8c957f7b92852564b8006f727... 11. http://www.computerworld.com/home/toc.html 12. http://www.computerworld.com/index.html 13. http://www.computerworld.com/news/index.html 14. http://www.computerworld.com/realaudio/index.html 15. http://cwlive.cw.com:8080/home/search.nsf/FtFieldSearch?OpenForm 16. http://www.computerworld.com/help/index.html 17. http://www.computerworld.com/techcity/index.html 18. http://ads01.focalink.com/SmartBanner/page/9.1.4.1-436 19. http://cwlive.cw.com:8080/home/print9497.nsf/All/home/copyright.html