Application security, Threat Management, Incident Response, Malware, Phishing, TDR

MySpace sues company over mass spamming

Story updated on Friday, Jan. 28, 2011 at 3:44 p.m. 

Popular social networking site MySpace today filed a lawsuit against Hong Kong-based Blue China Group Ltd. and three individuals, alleging the defendants engaged in a massive spam operation designed to harass users and generate profits.

The defendants were behind a two-pronged scheme to overwhelm “friends” of MySpace members with spam, in some cases promoting prohibited items such as marijuana, according to the lawsuit. Last month alone, the defendants allegedly delivered more than 25 million spam messages, many of which contained code that made them impossible to delete.

The spammers induced MySpace members to disclose their login credentials – usually through a phishing website – and then used that information to access members' MySpace profiles to distribute unsolicited messages to the members' friends, according to the suit.

“MySpace is committed to protecting our community from any abusive misuse of the site,” MySpace Chief Security Officer Hemanshu “Hemu” Nigam said today in a statement. “MySpace is committed (to) punishing those who violate the law and try to harm our members in any way.”

MySpace, which has more than 110 million users and is owned by News Corp., says the spam operation caused members to leave the social networking site out of aggravation and increased costs associated with spiked system resources, customer service demands and the need to create new solutions to control the junk messages.

The website is seeking unspecified damages.

According to MySpace's complaint, the attacks began early this year, with advertisements for www[dot]stalkertrack[dot]com, a website the defendants used to trick MySpace members into revealing their username and password by claiming they could receive a tracker to find out who views their profile.

This reaped considerable rewards for the spammers, allowing them to "hijack and use thousands of compromised accounts and to flood the MySpace network and its members with waves of spam promoting commercial websites owned by the defendants and third parties," according to the lawsuit.

MySpace says in the lawsuit that it received "voluminous complaints" about the spamming from its members. Despite asking Blue China Group to terminate its actions, the defendants continued with their unwanted assault of messages, in the process violating federal and state anti-spam regulations.

MySpace says Michael Walczak, a Hong Kong citizen who also lives in Bedford, N.H., is the owner of Blue China Group. Other defendants named are Doru Giuchici of Vancouver, Wash. and Jeremiah Buehre of Kansas City, Mo.

(The complaint against Giuchici was later dropped, according to California attorney Gary Kurtz, who represented Blue China Group. A MySpace spokeswoman could not immediately be reached for comment.)

Blue China Group did not return an email request for comment. According to the "Whois" directory of internet domains, it owns about 1,553 domains.

Today's lawsuit is the just the latest in a long line of security issues to impact MySpace. The company has sued alleged spammers and phishers before. And in the past few weeks, attackers have broken into the accounts of several popular celebrities, including Alicia Keys and Tila Tequila, to spread malware or publicize a hacker feat.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.