Russia files charges against notorious email spammer
October 30, 2010
Police authorities in Russia have launched a rare criminal investigation and prosecution against an alleged email spammer.
Following a police raid on his Moscow home on Oct. 26, Russian resident Igor Gusev, 31, was charged in absentia with selling penis-growing pills online from the so-called Canadian Pharmacy in a large and prolific email spam operation.
Gusev is the general director of Despmedia, an alleged partner of Glavmed.com, a key player in the unlicensed prescription drug business estimated to have raked in U.S. $120 million over recent years.
Gusev himself is alleged to have made U.S. $2 million through the illicit trade by running a website called SpamIt.com, an online resource that provided site design and order fulfilment services for spammers until its demise in September.
Spamming isn't illegal per se in Russia, but Gusev has been accused of operating a business without proper registration with the government.
Security observers are taking the prosecution as a sign that Russia may be beginning to clamp down on the rogue operators and email spammers that have tarnished its Internet operations and reputation for many years. They see it both as a way of opening up opportunities for legitimate hi-tech firms to make their mark and as a message that cybercriminals are not welcome in Russia and will be prosecuted.
Gusev's lawyer Vadim Kolosov said that his client intends to contest the charges. "He has no relation to these activities," Kolosov said, adding that his client was out of the country and currently unavailable for comment.
Last month, Cisco Systems said that the popular business networking site LinkedIn is being used as bait for a very large email spam campaign designed specifically to infect businesses all over the world with the information-stealing Zeus-Zbot Trojan, and that the malware appears to be spreading fast.
After appearing early Monday morning, email spam featuring a bogus LinkedIn reminder accounted for about 28 percent of all email spam detected by Cisco in the 15-minute period between 10:30 and 10:45 AM EST on Monday.
As of 11:30 AM EST today, the Zeus-Zbot Trojan still appears to be being sent to multiple business email addresses in the U.S. and Canada, albeit at a lower rate than on Monday.
Assuming it is not detected by the computer's antivirus software - and there is plenty of evidence that Zeus variants can get past many such anti-virus programs - this particular Zeus variant monitors browser entries for online bank account credentials.
"This strongly suggests that the criminals and individuals behind this most recent attack are most interested in employees with access to financial systems and online commercial bank accounts than anything else," said a Cisco statement.
Unsuspecting LinkedIn users are asked to review the contact request for a fictitious user by clicking on an embedded link in the usual LinkedIn style. This takes victims to a page that asks them to wait before sending them on to Google, leaving them unaware that anything suspicious has happened. By that point, Zeus will have attempted to install itself on the target PC.
The problem with the attack is that LinkedIn thrives on members being contacted by new members, so the fact that the apparent message sender is unknown would not necessarily alert users not to click on the link.
The defense against this type of attack is that most businesses already have some kind of anti-spam filter at the gateway level and some anti-virus software as well, but there have been reported cases where Zeus was able to circumvent all of that and infect some machines in the process.
Overall, LinkedIn has been used for email spam campaigns in the past, but relatively infrequently compared with consumer rivals such as Facebook and Twitter of late, which can also be used to attack business users. LinkedIn caters mostly to people in business, whereas Facebook and Twitter mostly target the average Internet user.
"Targeting social network users for distributing financial malware is a smart move for the criminals," commented Trusteer CEO Mickey Boodaei on the latest attack.
Another common barrier is that companies and organizations accessing online banking accounts usually use a dedicated computer that runs no applications other than the online banking function.
"These attacks are much more likely to succeed than phishing attacks on banks. Once Zeus is installed on the user's computer then the criminals get access not only to login information but also to real-time transactions and other sensitive information on the victim's computer," he said.
Source: The Russian Department of Justice.