July 13, 2007

Zombies and Alter Egos at the FTC

The Federal Trade Commission’s Spam Summit was an occasion to celebrate the (limited) success of the CAN-SPAM Act and to discuss the latest criminal threats online.

Patrick Peterson of IronPort Systems outlined the training wheels version of the malware threat, including the basics of botnets, zombies, and image spam.

Joe St. Sauver of Internet2 Security Programs described a “spam eco-system” involving an increasing body of spam tradecraft, each step requiring expertise. Wily spammers can change servers every 15 minutes and change the content of their messages every 12 minutes, thanks to these cottage industries.

Peterson also said that 2006 saw an epidemic of “pump and dump” scams in which a stock was hyped to thousands of unwary buyers who drive up the price, then lose all their money as it becomes clear that there was no real reason to buy the stock. It turns out that 2006 was also a big year for one CEO to use the internet to pump up his stock in a different way: Posting to Yahoo stock market forums under an assumed name.

The Wall Street Journal reported that John Mackey, CEO of Whole Foods, “cheered Whole Foods’ financial results, trumpeted his gains on the stock and bashed Wild Oats.” Mr. Mackeys alter ego even defended his own haircut in one post.

All this cascaded from a footnote in a document made public by the FTC on Tuesday. It has been a big week for zombies and alter egos in DC.