The World’s 10 Worst Spammers, according to spam-tracking organization Spamhaus, are the most threatening, “least repentant, most persistent, and generally the worst of the career spammers causing the most damage on the internet currently”.
Well, the world may become a fraction less spammy, now that the man Spamhaus has dubbed the world’s eighth-worst spammer has been indicted.
Michael Persaud, 36, from Scottsdale, Arizona, was indicted last week on federal fraud charges in Illinois for allegedly sending more than 1m spam emails worldwide over at least nine separate computer networks between 2012 and 2015.
Persaud’s been charged with 10 counts of wire fraud, each of which is punishable by up to 20 years in prison, although maximum sentences are rarely handed down. The indictment is also seeking forfeiture of four computers.
According to a press release from the US attorney-general’s Office of the Northern District of Illinois, Persaud allegedly cooked up fake names to register the domains. He also allegedly created fake “From” address fields to conceal his identity as the true sender of the emails.
The technique Persaud allegedly used is called “snowshoe spamming“. It involves the use of multiple IP addresses and domains to transmit spam.
As Chester Wisniewski has explained in summing up a Virus Bulletin talk from SophosLab’s Brett Cove on this type of spam, the name “snowshoe spam” was chosen because snowshoes are used to distribute your weight across a broad surface to prevent sinking.
You can see the aptness of the analogy: snowshoe spammers distribute their spamming across a large number of IP addresses and domains to distribute their wares widely. The tactic often defeats volume-based detection schemes used by large email hosts like Gmail and Yahoo.
Persaud allegedly changed names to escape his reputation, using aliases including “Michael Prescott”, “Michael Pearson” and “Jeff Martinez”.
The Department of Justice is also accusing Persaud of illegally transferring and selling millions of email addresses for the purpose of sending spam.
America Online charged Persaud with committing fraud by using aliases to send millions of work-at-home junk emails to its customers. Persaud didn’t contest the charges and was ordered to pay more than $500,000 in restitution and damages.
As KrebsOnSecurity reports, Persaud doesn’t consider it spamming. Rather, he classifies himself as an e-marketer.
According to a sealed affidavit seen by security journalist Brian Krebs, during an April 2016 search of his home by the FBI, Persaud allegedly told agents that he conducts internet marketing from his home by sending a million emails in under 15 minutes from various domains and internet addresses.
According to the indictment, Persaud allegedly does business under a California company called Impact Media LLC, sending spam on behalf of sellers of various goods and services and earning commissions for any sale generated by the spam.
He’ll next be in court for a status hearing on February 21.