Spammer Exposes Customer Data

A notorious spammer who pitches pirated software from Symantec’s Norton product line over the Internet has left vast amounts of customer data exposed for the world to see.

And apparently, that is not at all uncommon.

One of the Web sites operated by this particular spammer is called salesscape.com, and links related to the site showed hundreds of customer orders in .txt files.

The exposed data includes what item was purchased, customer names, street addresses, phone numbers and e-mail addresses, but apparently not credit card numbers.

Sites like this are often totally unsecured, which is a good reason not to do business with them, said a spokesman for Symantec.

And for anyone wondering why spammers do what they do, the sheer number of customer orders for this one spammer alone tells the story.

There is lots of money to be made, which accounts for why an estimated 76 billion spam e-mails will be sent worldwide in 2003, at an average cost to the spammers of 0.00032 cents per message, according to figures from eMarketer.

One of the recent spam e-mails touting this software sales site came from “first_response005@yahoo.com” and advertised Norton SystemWorks 2003 Software Suite-Professional Edition.

The e-mail touted “Five Feature-Packed Utilities…For One Great Price… A $300-Plus Combined Retail Value… YOURS for Only $39.99!” That software package normally sells for about $70 or less on Amazon.com. It includes Norton AntiVirus 2003, Norton Ghost 2003, GoBack 3 Personal Edition, Norton Utilities 2003 and Norton CleanSweep 2003.

Clicking on the link in the e-mail takes one to www.salesscape.com, which may be shut down by now, but which earlier listed the software package and linked to an order page that requests payment, either by clicking on a button or by snail mail to “G.A. Moore – PO Box 19803 – Baltimore, MD 21225.”

A whois check on the site shows it is registered to Maryland Internet Marketing, with the administrative contact being one George Moore Jr., 300 Twin Oaks Road, Linthicum, Md. 21090. There was no answer when a reporter called the phone number listed.

Another spam touting this same offer took us to a site called computerssystems.com that appeared to be identical.

The order form instructs potential customers to enter their addresses and a credit card number, then push a “send” button or print the form out and mail it. It also says that the software comes with no retail packaging and the “manuals are built into the programs.” Customers are also given an opportunity to buy Roxio EZ CD Creator for another $29.99.

A Symantec spokesman said that “one of the key indicators of pirated software is the fact that retail packaging is not included.”

William Plante, director of worldwide security and brand protection for Cupertino, Calif.-based Symantec, said the company is well aware of this spammer’s campaign to sell pirated software.

“We started our own investigation, after determining that it is indeed counterfeit software,” he said. “He (Moore) is not the kind of guy to listen the first or second time around” and “we are proceeding legally.”

A Google search for Maryland Internet Marketing turns up a host of less than flattering comments on various Web pages. It’s clear from following the links that at one time or another this spammer also pitched a “McAFEE VERSION 7.0 CLEARANCE SALE!”

Another Web site being used for such sales, apparently by the same person or persons, is salesshopping.com. Plante said that Moore has operated at least 12 different companies.

A random sampling of customers whose data was exposed includes Nancy in Riverdale, N.J., Kristen in Vail, Colo., Darlene in Chugiak, Alaska and Elbert in Honolulu. Overseas customers included Michael in Tel-Aviv and John in Belfast, Ireland.

The data was contained in text files, suitable for import into a database software program. And of course it’s likely that all the e-mail addresses were harvested for future spam efforts.

One customer, a woman in New Orleans contacted by a reporter, was startled to learn that her personal information was available on the Web. “It’s all a surprise to me,” she said. The woman, who operates a hepatitis C awareness organization, confirmed that she had placed such an order and added “I hope I get it.” She seemed to have no idea that she had ordered pirated software.

A call to the Federal Trade Commission to inquire about the spam and the apparent pirated software sales operation was not immediately returned.

Symantec said that the FTC has advised the company that while this spam campaign is a problem, it’s incumbent on Symantec to protect its trade name. And that’s exactly what Plante and the company’s brand protection task force do: track down Web sites selling fake Symantec software.

Plante, who is responsible for developing Symantec’s strategy for identifying and countering both counterfeit and piracy threats to the company, was not surprised that customer data was exposed. He said that such information, often including the credit card numbers, is transmitted over an unsecure network. The numbers can be easily stolen, and later sold to criminals on the black market.

Moore is “all over the place with his spam,” Plante said. “He’s not making millions of dollars, but he is so obvious that legitimate customers and enterprise customers look at him and say, ‘why am I paying this price when he’s selling it for less’?”

“Unsuspecting consumers often think they have bought the real thing,” Plante said. “But we have come across pirated software with Trojan horses and other malicious code.”

Ironically, at the very end of the spam e-mail being sent out this week is this message:

“Opt-Out Instructions: We are strongly against sending unsolicited emails to those who do not wish to receive our special mailings. You have opted in to one or more of our affiliate sites requesting to be notified of any special offers we may run from time to time. We also have attained the services of an independent 3rd party to overlook list management and removal services. This is NOT unsolicited email.”

And, just as this reporter was wrapping up this story, in came a piece of spam from james@hotmail.com, touting “NORTON SYSTEMWORKS 2003 INTRODUCTORY SALE!” This URL went to africa-message.net/1, home of the XingXong Online Store, where they were selling the Symantec software for the same low price as Moore.

Clearly, even the spammers have competition.

Adapted from Internetnews.com.
