The Register of Known Spam Operations
Nikhil Kumar Pragji / Dark-Mailer

Country: Australia
State: Queensland
Through Dark-Mailer, Windows-based spamware that sends through proxy botnets, this spammer is behind a large portion of the world's illegally sent spam.

MEDIA: Alleged Spammer's Bot-Net Partner More Difficult to Nab

8:01 PM EDT Fri. Jun. 01, 2007

Alleged spam fraudster Robert Alan Soloway is also alleged to be a kind of "value-added reseller" of the illegal bot-nets that infect computers around the globe, but law enforcement has an uphill battle trying to nail the "vendors" of such spam-generating zombie networks, e-mail security experts said Friday.

Soloway was indicted Wednesday in Seattle on 35 counts of mail fraud, wire fraud, e-mail fraud, identity theft and money laundering in connection with advertising and sales of his company's "broadcast e-mail" software product and services. The so-called "Spam King" allegedly sent tens of millions of spam e-mails containing false and forged headers using a bot-net interface called Dark Mailer, investigators charged.

Dark Mailer, along with similar software like Send-Safe and Atomic Mailer, is ostensibly a bulk e-mailing engine but "it's not very useful" for that purpose on its own, said Patrick Peterson, vice president of Technology at e-mail and Web filter appliance vendor IronPort.

Dark Mailer's real value proposition is as a portal to networks of compromised computers used to relay billions of spam e-mails a day, Peterson said.

"The bad guys [who build products like Dark Mailer] use it themselves, they sell it themselves and they can sell it stand-alone. But it's not very useful, so they sell it to grant access to their zombies," he said.

"The people behind Send-Safe and Dark Mailer, the main way they're driving most of their business is monetizing their zombie infrastructure. They've built bigger zombie networks than they know what to do with."

The man who authored Dark Mailer is one Nikhil Kumar Pragji, who operates out of Queensland, Australia, according to international spam-tracking organization The Spamhaus Project.

Dark Mailer is available for download at such online sources as Windows Marketplace, where it is listed at $499 for a licensed version. It is supposedly sold by a company called Dark Systems, which lists offices in New York, but when CRN visited that Manhattan address no business by that name was there.

The interface on such products reveals clues that indicate what its purpose really is, said Vincent Hanna, an investigator for the non-profit Spamhaus Project.

"One of the tell-tale signs on Send-Safe is that it has a list of thousands of first names that can be cross-matched with last names. That makes it look like e-mails are being sent from real people. There's no reason to have something like that for legitimate purposes, so it tells you it is intended to be used for spamming," said Hanna, who is based in Amsterdam, The Netherlands.

Hanna described an "enterprise version" of Send-Safe that puts a second server behind the one controlling a particular bot-net of proxy computers. Because the server controlling the proxies is relatively easy for investigators to track, this second, more invisible server is used by bot-net administrators to take on the actual workload of sending out spam orders or other tasks. The proxy controller unit becomes more expendable and can be run from a location less likely to be tied by law enforcement to the bot-net administrator.

"It's much tougher to find that back-office computer. ISPs can sometimes help us to discover them by tracking where traffic is going," Hanna said.

The cross-jurisdictional nature of bot-nets makes it very difficult for law enforcement to bring charges against bot-net architects. A spokesperson for the U.S. Attorney's Office, which got the indictment against Soloway, said it was unclear whether the government would pursue the Dark Mailer angle.

"I can't predict where the investigation will go, but this U.S. Attorney's office has experience pursuing bot-nets and spam," said Emily Langley, public affairs officer for the U.S. Attorney's Office in the Western District of Washington.

Langley pointed to her office's conviction of IRC bot-net architect Christopher Maxwell of Vacaville, Calif., last August as an example of a successful prosecution of such a case.

Soloway was probably a "small fry" compared to the people who create zombie networks, said Matt Seargant, senior anti-spam technologist at MessageLabs, a vendor of hosted e-mail and Web filtering tools.

Still, the arrest of a man who is alleged to have made millions of dollars selling spam services is welcome news, Seargant said.

"Certainly Soloway has been one of the longest running spammers still in the business. So this is good news. This is the first federal prosecution under the CAN-SPAM Act. It's one of those laws that's not as strong as the anti-spam people would like, but this shows that the law has some teeth," he said.

With additional reporting by David Raikow and Fahmida Rashid

Related URLs

Link to full Channel Web Network article

The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is:

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.