Brian McWilliams

Once at KoolKatalog, visitors were invited to feed an e-mail address into a digital slot machine created in the Shockwave animation format. Solve the puzzle faster than anyone else, and KoolKatalog would send you a swell prize!

In the nanosecond it took most people to recognize the obvious junk mail trap, the real damage was already nearly done. According to virus experts, code in the pages at KoolKatalog exploited a known flaw in an old version of the Java engine of Microsoft’s Internet Explorer browser to covertly download the first of 10 files onto visitors’ computers.

KoolKatalog is currently inacessible, but its domain name was registered by an IntelliTech employee and the phone number listed in the privacy statement at KoolKatalog is the number for IntelliTech Web Solutions. Phone messages left with the receptionist who answered at that number were not returned.

A contrite spokeswoman for eUniverse said IntelliTech’s automatic redirects violated its ad policy, and eUniverse pulled the pop-ups as soon as it learned what was happening. Flowgo has achieved its success, she said — and helped earn its publicly traded parent several quarters of profitability — by taking great care to protect the safety of its visitors.

But according to virus experts, tens of thousands of Internet users have been back-doored by the KoolKatalog-distributed “malware,” which they have added to their lists of malicious code for scanning.

“When you exploit a security bug to get your program onto someone’s PC, you’ve crossed the boundary into what we consider malicious,” said Craig Schmugar, a researcher with McAfee, which refers to the KoolKatalog-served payload as Downloader-W.

While researchers have not yet completely decoded all functions of the programs, they say two of the files, BVT.exe and ABSR.exe, attach themselves to victims’ browsers and covertly monitor which sites they visit. Other components, including a file called AUSVC.exe, appear to enable the program’s authors to secretly send updates or other files to the infected computer.

What’s more, the install program, a file called CoolStuff.ocx, checks to see whether the victim is running a firewall, and terminates if it finds one. If no security software is monitoring outbound network connections, the installer grabs other files from one of two IntelliTech Web servers, online1net.com and wwws1.com.

“Somebody took a lot of time and attention to create this. There’s a lot of error checking and careful programming in there,” said Vincent Weafer, director of Symantec’s virus research lab. Backdoor.Autoupder, as Symantec calls it, quietly made the software firm’s list of the five most-prevalent viruses in April.

While designed to be stealthy, the malicious code was revealed to many puzzled victims in recent weeks when it began causing instability in their PCs or crashed them.

Others discovered the program after updating their anti-virus signature files. Sam Evans, security analyst for a Midwestern semiconductor firm, said an anti-virus update in late April caused a sudden flood of reports from company employees. Cleaning the code off affected computers was complex and required editing the PC’s system registry.

“We thought we disinfected all the computers, but our intrusion detection system is still reporting that internal machines are attempting to send information out,” said Evans, who added that the company had “black-holed” (blocked access to) the range of Internet protocol addresses used by KoolKatalog and related sites.

Trend Microsystems, which since April 23 has received nearly 5,000 reports of infections by TROJ_SUA.A, as it calls the software, has released a free tool that automates the 49 steps required to remove IntelliTech’s code from an infected PC.

IntelliTech itself has done little to clear up the mystery surrounding the surreptitious installation of its spyware.

Frank Bigott, a resident of Santa Monica, Calif., who holds the domain registration for KoolKatalog, said he had “zero knowledge” of the backdoor program prior to being contacted by Salon. Bigott referred all other questions to his attorney.

The lawyer, William W. Bloch of Beverly Hills, said Bigott resigned his position in sales and marketing at IntelliTech after learning of the incident from Salon. Bloch also gave Salon the cellphone numbers of three men whom he identified as IntelliTech management, but voice-mail messages left at those numbers were not returned.

Bloch says that Bigott determined that IntelliTech’s management had placed the spyware programs on users’ computers “to gain certain things that would result in increased revenue,” such as commissions from affiliate marketing programs.

Susan Henrichsen, deputy attorney general for the state of California, declined to comment on specifics of the IntelliTech situation. But she noted that downloading software onto someone’s computer without permission is tantamount to hacking.

“If, on top of that, you track people with spyware with the intent of selling the information, that goes way over into unfair and deceptive practices. It’s really pretty appalling,” she said.

The spyware tar pit that users encountered at KoolKatalog may have been connected to an earlier software development effort by a company called Volton Technologies, which also had ties to IntelliTech.

The agent of record for the incorporation of Beverly Hills-based Volton Technologies is Michael Osborn, one of the names provided by the lawyer Bloch as a member of IntelliTech management. Volton Technologies previously offered for download an apparently legitimate program that may have provided the technical foundation for KoolKatalog’s twisted creation.

The program, which Volton termed a “browser toolbar enhancement,” offered access to search engines and e-mail from a control panel at the bottom of Web browsers. According to the program’s license, in exchange for the free software, users agreed to allow Volton to collect “anonymous” data on Web page views and responses to ads, as well as an inventory of the software on the user’s PC.

The front door of Volton’s search site, BestoftheWeb.com, invites users to download the toolbar. But the download page offers no link to the software and merely states, “Our new and improved toolbar is coming soon.”

Similarly, a download link at Volton’s BrowserToolbar.com site was disabled for weeks — before suddenly reappearing May 3, when the site was relocated from an IntelliTech-owned hosting firm in Los Angeles, New Directions, to a new ISP in Canada.

Click the download link at Volton’s new version of BrowserToolbar.com, hosted by Alberta-based Myrias Computer Technologies, and a message says a file called Coolstuff4.cab is being installed. But the toolbar installation fails because the server containing the file, online1net.com, is unreachable.

Online1net.com, along with wwws1.com and KoolKatalog, was summarily unplugged last week by Alchemy Communications, the Internet collocation facility that services New Directions.

When contacted by Salon on April 26 about reports of malicious code at the IntelliTech sites, Alchemy’s vice president Jamie Daquino said his position was Shut down first, ask questions later.

“For someone to get written up as a virus, that’s pretty serious. If they’re doing what people are saying, it’s illegal. We don’t want to be associated with that,” said Daquino.

Daquino noted that New Directions, which also goes by aliases including AlphaHostCo, Online Connect Group, Zones Now, Interhostland and Quik-Net, appears to be “companies within companies.”

With its sites darkened by Alchemy, and its devious pop-up ads pulled by eUniverse, IntelliTech’s misguided experiment in viral marketing appears to have been halted.

But Roger Thompson, malicious-code expert for TruSecure, said that spyware like that found at KoolKatalog.com remains a serious threat to the thousands of users who are infected and not aware of it.

“They are definitely still at risk. Only the original authors know exactly how compromised those PCs are. No one should want any uninvited back door on any PC,” said Thompson.

Yet, according to many experts, Microsoft remains as much the root of the spam problem as the key to solving it.

Most junk e-mail today emanates from Windows computers that spammers have hijacked and turned into spam “zombies” using security holes in Microsoft’s operating system. What’s more, Microsoft is blamed for wrecking efforts this past summer to create e-mail authentication standards. The company also stands accused of trying to neuter state anti-spam laws. And Microsoft has yet to win a lawsuit against a major spammer.

A P.R. representative from Microsoft stressed that “there is no silver bullet” and that “it will take a combination of advanced technology, industry cooperation, user education and enablement, effective legislation and targeted enforcement against illegal spammers to significantly reduce and solve” the problem of spam. But with its huge installed base, deep pockets, marketplace clout and technology prowess, Microsoft is in a unique position to eradicate junk e-mail.

If, that is, the company has the will to do so. Microsoft says that it is working on new technologies that will help reduce spam, and denies that it is in any way responsible for the floods of junk mail coursing across the Net. “Spammers cause spam,” says Microsoft.

But a review of what Microsoft is actually doing suggests that the company isn’t pursuing the problem as vigorously as it could. Before Microsoft can make good on Gates’ prediction, experts say, it must first stop worrying about what’s good for its business, and concentrate instead on what’s best for the Internet as a whole.

To hide their tracks, spammers have always misappropriated the computers of innocent third parties. But the rise of Windows zombies is arguably the gravest problem facing spam opponents today. By one estimate, over 60 percent of junk e-mail now originates from home PCs that spammers have commandeered with the help of virus writers and hackers.

With an ever-growing arsenal of Windows zombies under their control, spammers can evade some spam filters, which have trouble keeping current lists of the addresses of known zombie systems. What’s more, spammers have used their networks of zombied computers to launch denial-of-service attacks on sites operated by blacklist services and other anti-spam organizations.

Solve the Windows zombie problem, and you’re well on the way to eliminating spam, say the experts. And who better to provide a solution than Microsoft, which created the problem in the first place by shipping buggy software?

Two weeks ago, Microsoft released a free tool for detecting and removing infections caused by a handful of Windows-based computer worms and viruses. But some security experts say the company still hasn’t adequately addressed the underlying security vulnerabilities exploited by such malicious software.

“Microsoft needs to lock down Windows so that rogue programs can’t convert PCs into zombies or hijack applications to do spamlike things,” says Richard Forno, a security consultant and commentator.

Yet Microsoft effectively created a ghetto of potential spam zombies last year when it refused to allow users of pirated versions of Windows to install a significant security update known as Service Pack 2 (SP2).

According to John Levine, chairman of the Anti-Spam Research Group, Microsoft acts as if guarding its software against piracy is a more significant issue than protecting users of unpatched Windows systems against worms and hackers.

“Microsoft, of course, has no responsibility to people who’ve stolen their software, but the security holes don’t affect the user of the infected computer as much as they do the zillion recipients of the spam and worms that it emits,” says Levine.

Levine’s recommendation: Microsoft should give away security upgrades to unauthorized users of Windows, even if doing so undercuts the firm’s campaign against software piracy.

Deterring the creation of new spam zombies would be a huge victory, says Joe Stewart, a security researcher with Lurhq. But he believes Microsoft also ought to go even further and hunt down the hacker-spammers who use existing zombies.

To accomplish this, says Stewart, Microsoft should build a network of decoy zombies, with the aim of attracting the miscreants who scan the Internet for compromised computers and send spam through them.

“Feed [the information] to the legal team that sues spammers,” says Stewart.

What of Microsoft’s legal team? They’ve kept the company intact despite antitrust lawsuits. They’ve protected Microsoft’s intellectual property with countless patents. They’ve helped convict software pirates around the globe.

So when will Microsoft’s lawyers get a big court decision against a major junk e-mailer?

In recent years, Microsoft has filed scores of lawsuits against spammers large and small. But unlike competing Internet service providers America Online and Earthlink, Microsoft can’t claim any big trophies yet.

The company’s most high-profile lawsuit — filed in December 2003 against Colorado bulk e-mailer Scott Richter — is still pending. But that litigation is unlikely to bring the $18 million judgment Microsoft boasted it would seek. Last summer, New York Attorney General Eliot Spitzer settled a parallel lawsuit against Richter for the paltry sum of $50,000.

In August 2003, Microsoft found itself in the embarrassing position of having to apologize to a British man after erroneously suing him for spamming. In a statement, Microsoft said the case against Simon Grainger “illustrates the difficulties and hazards of investigating the clandestine activities of faceless individuals operating on the Internet.”

Microsoft lobbed an innovative lawsuit last September at Levon Gillespie, the operator of a company that provides “bulletproof” Web site hosting services to spammers. Soon thereafter, Gillespie’s Cheapbulletproof.com site went offline, as did SpamForum.biz, his online marketplace for junk e-mailers. But earlier this month, Gillespie’s sites returned, now located on servers in China. A Microsoft spokesperson reports that the lawsuit is still in the discovery stage.

Anti-spam legal efforts can get results without making headlines, says Matthew Prince, an adjunct professor of law at John Marshall Law School, and chief executive of Unspam. If nothing else, Microsoft can force spammers to run up big legal bills, thereby wrecking the economics of spamming, says Prince.

Spam opponents see other behind-the-scenes opportunities for Microsoft. The company could use its enormous marketplace clout to pressure the biggest suppliers of Web site hosting for spammers.

Steve Linford, operator of the Spamhaus spam-filtering and information clearinghouse, says Microsoft’s Hotmail service could threaten to block e-mail from China unless the Chinese government pressures rogue ISPs there to stop providing havens for spam suppliers such as Gillespie.

“AOL gets an enormous amount done simply by telling other providers that they won’t accept e-mail from their systems unless they clean up their networks. Microsoft most certainly could use Hotmail as leverage in this same way,” says Linford.

Similarly, Microsoft could shame MCI Wholesale Network Services, which currently hosts around 200 spam gangs, according to Linford.

Microsoft’s anti-spam initiatives may be hampered, however, by what Prince and other experts describe as the firm’s split personality over junk e-mail. Microsoft’s MSN and Hotmail services appear determined to run spammers off their networks on a rail. But the company’s other business units want to preserve Microsoft’s ability to use unsolicited e-mail in, for example, cross-marketing to existing customers.

“AOL has a much clearer sense that spam is a problem that’s unacceptable, and they are willing to go to the mat to solve it, whereas Microsoft is definitely of two minds on the subject,” says Prince.

So even while Microsoft is an “impressive partner” in some anti-spam enforcements, according to Paula Selis, senior counsel for the Washington state attorney general’s office, at the same time the company has lobbied for weaker versions of federal and state spam laws.

“It’s struck me that sometimes their agenda is a little mixed,” says Selis.

State lawmakers have publicly criticized Microsoft’s aggressive lobbying against stringent anti-spam laws. After the company helped to defeat a do-not-spam registry proposal in Michigan, some legislators began referring to Microsoft as the “axis of inertia” in the press.

Microsoft’s conflicted spam priorities are also blamed for a recent breakdown in setting e-mail authentication standards. Last summer, an international working group was close to hammering out a standard based on Microsoft technology, which would help in the battle against spam, viruses and other e-mail abuse.

But the working group hit a roadblock when Microsoft revealed that it had applied to patent its authentication technology, known as Sender ID. Some working-group participants balked at the idea of Microsoft’s patent lawyers controlling an industry standard.

Levine says Microsoft could have offered a license that satisfied the open-source community without compromising its intellectual property protections. But the company made no such concession.

“Their best offer was a license that gives them the option to pull the rug out at any time, with vague assurances that they wouldn’t do that,” says Levine. As a result, the working group was disbanded in September without reaching an agreement.

Using its proprietary SmartScreen filtering technology, Microsoft’s Hotmail service has made great progress in shielding users from spam. Indeed, Microsoft’s best hope of defeating spam by 2006 may be within its own networks, if not the Internet at large, says Prince.

That’s a long way to come for a service that, four years ago, was blacklisted by the Mail Abuse Prevention System for improperly securing its servers against spammers.

But recent organizational moves suggest Microsoft’s priorities may have shifted away from a single-minded commitment to fighting unsolicited commercial e-mail.

The Microsoft Anti-Spam Technology and Strategy Group, created in 2002, was recently renamed the Safety Technology and Strategy Group. According to a Microsoft spokesperson, the company changed the name as a result of its taking a new view of spam as part of a broader problem of online safety that includes “phishing” attacks.

“To beat spammers, you’ve got to be unrelenting, and chase them 24 hours a day, 365 days a year,” says Prince. He worries that Microsoft’s broader focus might divert the company’s attention from that task.

For Microsoft to play a leading role in solving the spam problem, it must ultimately rein in its own marketing for the sake of being a good netizen, says Levine.

“Compared to other big companies, Microsoft’s anti-spam activities look far more to be shaped by their business interests. The other big players are doing things that are certainly good for themselves, but they’re also good for the Internet community as a whole,” says Levine.

Regardless of whether Microsoft makes such a commitment, Stewart puts the probability of a spam-free Internet by 2006 next to zero.

“The spammers are making big money at this game right now. There’s no way they’re just going to stop and say, ‘Gee, Microsoft has introduced the final, ultimate solution to stop spam. Guess we should give up now.’”

I wanted to be one of Casper’s sales affiliates. In today’s world of spam, a sales affiliate sends out junk mail on behalf of a spam-site operator or “sponsor,” who assigns the affiliate a special tracking code to include in his e-mail ads. For every sale the affiliate’s spams generate, he is paid a commission by the site operator. Sponsors also provide “remove” lists, spamming software, and other support to help their affiliates successfully market the site.

Since September, Casper and his associates had been clogging my various e-mail accounts with ads for a watch shop called Royal-Replicas.com (formerly onlinereplicastore.com). I filed several complaints with the Chinese Internet service provider hosting the site, to no avail.

I suppose I could have just clicked the “unsubscribe” links in the dozen or so spams they sent me every day. But I didn’t trust these people one bit. I was sure that if I could get inside Casper’s operation, I would find hard evidence confirming what savvy Internet users instinctively know: Trying to unsubscribe from spam is a fool’s game.

Just look at the place. Royal-Replicas.com provides no physical mailing address in its junk e-mails or at the site. The domain’s registration record lists someone in Spain as the owner. The site is hosted on a server in China, but the order page cites prices in Indian rupees as well as U.S. dollars. The headers of the spams reveal that many have been sent via “zombied” home computers. Even the headers of Casper’s private e-mails are a fraud. (He routed all his messages to me through proxy computers in South Korea.)

The “About Us” page at Royal-Replicas.com doesn’t help much, either. It contains little more than a bizarre rationale for buying its $300 knockoffs rather than the real thing: “Many people purchase watches that cost thousands of dollars and render the wearer liable to get their hand chopped off while walking home from a posh cocktail party.”

Bulk e-mailers are required to honor list-removal requests under the U.S. CAN-SPAM law. But still it’s common knowledge that clicking an unsubscribe link or handing over your e-mail address on a junk e-mailer’s remove page is insane. The U.S. Computer Emergency Readiness Team (US-CERT) warns that unsubscribe links are “often just a method for collecting valid addresses that are then sent other spam.” The FTC has sent warning letters to at least 77 marketers for their failure to honor unsubscribe requests.

Sure, a few spammers might take your name off to avoid trouble. But to most, you’re merely confirming that they’ve found a live one. Next thing you know, they’ll have sold your e-mail address to other spammers as “validated” — or, in other words, ready for spamming.

At least, that’s what I thought until Casper brought me onboard. My undercover mission into the heart of fake-Rolex spam didn’t turn out exactly as I had expected.

I tried flattering Casper in my e-mails, gushing that he had astutely tapped into a timely and lucrative spamming niche. (You could probably find similar watches on the streets of Chinatown for $25, but hey, some people prefer the convenience of holiday shopping from home.) But Casper doesn’t let just anyone join BlackMarketMoney.com. After I sent my introductory e-mail as “Chris Smith” from a free webmail account I had created, he asked to know the name of the person who had referred me to the site.

I told him I had learned about the program from a buddy in the #bulkers Internet relay chat (IRC) channel who uses the online handle Ep0ch. In fact, I had stumbled upon the home page for the watch spammers’ affiliate program after studying some of their junk e-mails.

I noticed that the spams never actually advertised Royal-Replicas.com directly; instead, they enticed recipients to visit an intermediary domain on a Brazilian server that redirected traffic to the main Chinese site.

Last month, using a special look-up tool, I enumerated the domains stored on the Brazilian server. As I was studying the list, many of which use clever typos — 0megas.net, Roiex.com, Ltalian.net — one name jumped out: BlackMarketMoney.com. I surfed over to the site, which featured an image depicting bullet holes and wads of dollar bills. “It’s easy money,” proclaimed the graphic.

A sign at BlackMarketMoney.com said affiliates got paid up to 40 percent commissions for every order. In addition to pushing replica watches, the program would soon be adding “penis extenders,” a cellphone charger and an online pharmacy to its portfolio of sites.

After spotting the member log-in panel in the upper right corner of the page, I decided to contact BlackMarketMoney.com and ask about joining.

Casper replied to my message saying he’d never heard of the #bulkers IRC channel or my friend Ep0ch. (Damn, he was good. Neither exists.) Casper said I needed to provide the name of a “big mailer” who could vouch for me.

I produced a list of names and addresses, assuming he would quickly detect that they were all bogus and he would ignore me. A couple of days went by and I still hadn’t heard back. I’d pretty much abandoned hope of ever becoming a BlackMarketMoney.com affiliate.

That’s when I decided to visit the unsubscribe page at a Royal-Replicas.com satellite site, and typed in the address of my most obscure e-mail account. (The address is unpublished, I rarely use it, and it only gets about 10 spams per day — half for Royal-Replicas.com, and the rest for a generic Cialis site.)

My thinking was this. If the canary survived in the mine, I could cut spam to that account in half. If things went sour, I’d just jettison the e-mail address. (I decided not to unsubscribe any of my primary e-mail accounts — the ones that get hundreds of spams every day for everything from fake watches to Hydrocodone without a prescription.)

A few days later, an e-mail arrived from Casper. He said I’d make “a valuable addition to the team.” His message included information about how to log in to my account at BlackMarketMoney.com, and he gave me his AOL Instant Messenger (AIM) screen name in case I had any questions.

When I signed on to BlackMarketMoney.com for the first time, I saw a page where my sales stats would be displayed. A preferences section included a form where I could specify account numbers for my commission payments. There were also pages with suggested ad copy and graphics files, as well as an updated list of the various domains we affiliates were supposed to advertise in our spams.

But what really caught my eye was a note at the site that insisted all affiliate spams include an “unsubscribe link.” Two huge archives were also available for download, containing lists of “remove” addresses. The October list held around 202,000 e-mails, while the November list had over 282,000 addresses. Sales affiliates were instructed to scrub their mailing lists to remove these names.

To my amazement, a quick search revealed that my e-mail address had successfully made it onto the November remove list. But nearly 10 days had passed since I had asked to be unsubscribed, and the fake-Rolex spams were still rolling in. Obviously, my fellow affiliates couldn’t be bothered to clean their rolls of my e-mail address.

As I scanned the remove lists, I was startled at some of the other e-mails. Hundreds of people with dot-gov, dot-mil, and dot-edu addresses had asked for the Royal-Replicas.com spam to stop. (I’d always been told that spammers filter out these domains reflexively, because they generate way more complaints than sales.)

Other addresses jumped out at me. Lots of people from high-tech companies, including Intel, Hewlett-Packard and Microsoft, had tried to unsubscribe. Dozens of people using ACM.org and IEEE.org addresses (professional engineering and computer science organizations) were also on the remove lists.

These people were supposed to be geeks — why were they bothering to unsubscribe? Surely they knew the conventional wisdom: You don’t negotiate with terrorists, and you don’t unsubscribe from spam lists.

Scrolling through the addresses, I realized someone had tried to sabotage the Royal-Replicas.com remove lists. Nonexistent addresses — ending in netscape.gov and pooper.gov, for example — were mixed in with real ones. The lists also included many “celebrity” unsubscribe requests, including ones from arlen_specter@specter.senate.gov, barbara.bush@whitehouse.gov, condaliza.rice@whitehouse.gov, and conrad_burns@burns.senate.gov.

While I understood the rage that led someone to submit phony addresses, I was also a bit ticked off at the perpetrator. Wouldn’t all this junk on the remove lists make spamming affiliates reluctant to use them?

BlackMarketMoney.com also offered a smaller “domain” filter list. Affiliates were supposed to configure their list-processing software to remove all e-mail addresses that included special keywords or domains. Among the 825 filter words were obvious ones such as “abuse” and “admin,” but there were also some head-scratchers: “beavis,” “douche” and “orgy.”

The domain filter list also included sites of well-known anti-spammers, including spews.org, chickenboner.com, scconsult.com and barbieslapp.com. Other notable domains on the filter list were kuro5hin.org, salonmagazine.com and, inexplicably, womenbehindbars.com.

I decided to try contacting some of the people on the remove lists. I’d remind them that clicking spammers’ unsubscribe links has been known to install Trojan horse software on your computer. What’s more, you can’t even trust some mainstream companies. A recent study found that Amazon and other high-profile firms are sometimes embarrassingly lax in honoring remove requests.

What were these people thinking when they handed over their addresses to the fake-Rolex spammers?

A private investigator in Florida whose e-mail address was on the October remove list didn’t return my phone calls or e-mails. I got a similar lack of response from a professor of computer science at Rensselaer Polytechnic Institute. Then Bill Hartman phoned me in response to my e-mail to his ACM.org account.

“I’m not sure why I do it. I know you’re not supposed to,” said Hartman, chief technology officer for Finite Services, a California software firm.

Hartman reported that he receives around 50 spams per day. If the messages make unsubscribing convenient — by including remove links, for example — he attempts to get off the spammer’s list. But Hartman admitted the strategy hasn’t reduced his overall junk e-mail inflows. As proof, he forwarded several copies of spams advertising Royal-Replicas.com — including some sent in early December.

Richard Stuart, an engineer with Infineon Technologies based in Maryland, had seen similarly lackluster results from his efforts to unsubscribe from spammer lists.

“Sometimes they stop. Other times, I’m pretty sure they just sell my address to another spammer,” said Stuart, who has served on International Telecommunications Union committees drafting standards for modems and DSL equipment. Stuart said he nonetheless planned to stick with the unsubscribing tactic.

“I get so much spam, I can’t keep track of it all,” said Becky Poor, director of education for a church in Baton Rouge, La. She told me by phone, with some distress, that she received about 200 spams per day. Poor had simply been deleting them until a few months ago, when a co-worker showed her how to unsubscribe. For a while, she dutifully clicked remove links, among them one that was supposed to take her off the Royal-Replicas.com mailing list.

But Poor said she has since given up unsubscribing. The spam just keeps coming, including recent messages from the fake-Rolex spammers.

At that point, I was really no closer to understanding why nearly half a million people — many of whom should know better — had tempted fate. Perhaps the same gullibility that compels consumers to buy from junk e-mailers also makes them willing to suspend disbelief about spam remove lists. Or maybe it was simply an act of desperation. Nothing else seems to stop spam, why not try a radical approach?

These people would surely be disappointed by a recent decision from the U.S. Federal Trade Commission. Earlier this year, the FTC gathered advice from experts about whether to implement a national Do Not Spam registry, akin to the Do Not Call list that has worked to silence unwanted telemarketing calls. In June, the agency announced it was nixing the spam registry idea on the grounds that it would likely backfire and make problems worse.

“Spammers would use such a registry as a directory of valid e-mail addresses. It ultimately would become the National Do Spam List,” concluded the agency in a June press release.

I had expected to produce evidence corroborating this conclusion during my brief stint as an underperforming spam affiliate. But I am somewhat shocked to report that, on Dec. 2, I stopped receiving any Royal-Replicas.com spam at my unsubscribed e-mail address. The unthinkable had happened: I had asked a spammer to remove me, and it worked!

I know that my fellow BlackMarketMoney.com affiliates are still spamming away — my other e-mail accounts are still taking in over half a dozen fake-Rolex spams each per day. But the replica spam suddenly dried up at the removed address. (Now it’s just the damned “Cialis soft tabs” ads.)

So should everybody relax, and just click on every “remove me” link they see? I still don’t think so, even if these watch spammers gave me what I asked for. For one thing, I don’t know why my remove request got results, while those of Hartman, Stuart and Poor haven’t been honored. The fact is, rogue affiliates could neglect to scrub their lists. Or worse, they could take the BlackMarketMoney.com remove lists and turn them into a spam list. For all I know, this could just be the calm before a spam storm.

Then I remembered Casper Jones. Perhaps the leader of BlackMarketMoney.com had some worldly opinions to share on the issue. I approached him over AIM using my real name. Could he answer a journalist’s questions about remove lists?

Casper didn’t respond. A minute later, he signed off. I haven’t spotted him online since.

A spam blacklist (or “block list”) service prevents mail from people or companies deemed to be spammers from reaching anyone who subscribes to that service. Those who end up on such blacklists are rarely happy about it, and in this case, the aggrieved party became hopping mad.

“I am ferociously supportive of legitimate efforts to fight spam. But this was not a responsible or technically sensible way to do it,” says Steven Rambam, Brooklyn-based Pallorium’s senior director.

Rambam gained fame in 1996 for tracking Nazi war criminals and later for revealing that Elvis Presley had Jewish ancestors. He accuses Jared of erroneously including Pallorium’s e-mail server in OsiruSoft’s database in July 2003. Rambam says there’s no proof his firm ever sent spam, or even that its e-mail server was an “open relay” exploited by junk e-mailers to disguise their spams. The listing was obviously a mistake, according to Rambam, but Jared refused repeated requests to correct it.

As a result, Pallorium had difficulty invoicing clients, sending reports and otherwise communicating via e-mail for several weeks until it moved its e-mail server to a new network, he claims.

“Joe Jared cost me a lot of money. He was essentially putting us out of business. But if he had chosen to act responsibly, this lawsuit would not have happened,” says Rambam.

Jared, who refers to himself online as Citizen Joe, says he never made a dime from the OsiruSoft filter service. (Besides working as a contract programmer, his day job is running a small business that designs custom shoe inserts known as orthotics.) Jared shuttered the anti-spam service in August 2003, after suffering months of distributed denial-of-service (DDoS) attacks aimed at preventing his blacklist service from working effectively.

In court documents, Jared suggests that the DDoS attacks, which he blames on spammers, were likely the cause of Pallorium’s difficulty in contacting OsiruSoft or using the site’s automated system for correcting mistaken listings.

Rambam counters that the dramatic manner in which Jared shut down his service further illustrates what he considers Jared’s “gleeful negligence.” On Aug. 26, 2003, Jared placed a notice at his site instructing users to stop using OsiruSoft’s data. To drive home the point, Jared configured the service to block all addresses on the Internet. The result was a period of chaos for many users of the filter.

Pallorium isn’t the first organization to complain about collateral damage from Jared’s service. In 2001, OsiruSoft was criticized for blacklisting a San Francisco arts group that was operating an open e-mail server — even though there was no evidence the server had ever been abused by spammers.

Nor is Rambam’s lawsuit against Jared his first attempt to squelch unflattering Internet postings about him. Since 1997, Rambam has been involved in litigation against the Jewish Defense Organization and others for defamation.

“By the end of the year, I will have a judgment against Joe Jared, and I’m going to enforce the judgment because he’s been so nasty to me,” says Rambam.

The Pallorium vs. Jared trial is scheduled to begin Sept. 20. The case follows a 2003 attempt by an anonymous group calling itself EMarketersAmerica.org (EMA) to sue nine spam fighters, including Jared and Steve Linford, operator of the Spamhaus.org spam information and blocking service. The EMA withdrew its lawsuit in September 2003 after the defendants’ attorney filed 500 pages of discovery — requests for business documents, programs, communications and other information.

Jared initially withheld announcing the Pallorium lawsuit, which was filed in October 2003, but he recently began soliciting online donations to a legal defense fund.

“I figured it was such a ridiculous case that I could handle it myself. I was wrong,” explained Jared. “I also needed to stay in the background to avoid further retaliation from the DDoS mafia.”

In a matter of days, supporters contributed around $1,600 to Jared’s defense, which is being handled by the Morris Law Firm. In a Usenet newsgroup devoted to spam fighting, some Internet users have expressed alarm over the lawsuit.

“Joe is being personally sued because he ran Osirusoft,” wrote one participant in the news.admin.net-abuse.e-mail newsgroup. “Anyone that participates in this newsgroup, runs a block list, IP identifier list, domain name list, or just posts spammer information on Usenet or the Internet could have [that] happen to them.”

Jared launched the OsiruSoft Open Relay Spam Stopper as a public service in early 2000. At the time, a large percentage of spam originated from “open relays” — e-mail servers configured to allow anyone on the Internet to send messages through them. Anti-spammers such as Jared sought to close the vulnerability by developing automated tools and Web sites for testing and reporting open e-mail servers. Jared eventually expanded his filter service to block other spam sources, using data from other junk e-mail block lists. In its heyday, the OsiruSoft service was reportedly used by several large Internet service providers, including Pacific Bell, Ameritech and Prodigy.

Since Jared’s filter was based on a compilation of several other databases, including the controversial Spews.org service, he is likely protected by the safe harbor provision of the U.S. Communications Decency Act, according to Pete Wellborn, the attorney who defended anti-spammers in the EMA lawsuit. Under the law, online service providers may not be liable for the content they publish as long as they don’t censor or edit the information, says Wellborn.

But Pallorium’s attorney, Gary Kurtz, says he will convince jurors that Jared is responsible for any damage caused by third parties who used his erroneous listings. And, according to Kurtz, the fact that Jared operated OsiruSoft’s spam service as a hobby doesn’t shield him from responsibility.

“If my hobby is shooting guns out an open window, I’m still liable to anybody that I hit,” says Kurtz.

As the global spam problem grows worse, Internet service providers and corporate e-mail administrators are increasingly dependent on spam blacklists to protect their users from junk e-mail. Some spam opponents fear the Pallorium lawsuit could have a chilling effect on other spam-filtering services. In May 2001, Alan Brown, the operator of the Open Relay Behavior-modification System (ORBS), shut down the anti-spam service and temporarily fled his native New Zealand after being sued over some listings.

But Laura Atkins, a partner in the anti-spam consulting firm Word to the Wise, says cases such as Pallorium vs. Jared simply highlight what she characterizes as a “flight to quality” by users of spam blocking services.

“A few years ago, it seemed like everybody was running a spam block list, and not all operated with the same diligence and professionalism. In the past 18 months, a lot of people have started looking real hard at what block list they are using,” says Atkins.

Linford, operator of the Spamhaus Block List (SBL), says Spamhaus and other responsible list operators quickly correct any errors in their listings. But he said that filter maintainers bear no legal responsibility to e-mail senders.

“The rights of an e-mail sender end at the receiving network’s border,” says Linford.

Jared seems to agree. Internet users have the legal right, he says, to choose what comes into their in box, and to refuse mail from anyone for any reason. Although his service has been defunct for over a year, Jared says he will fight the Pallorium lawsuit on principle.

“I have to fight this case because, in my opinion, it could impact the property rights of others if I don’t. Your right to speak should never impact my right to not listen, especially when it’s in my own home,” says Jared.

While OsiruSoft’s filter is no longer operational, Jared can take some comfort in knowing it helped eliminate one of the biggest conduits of spam. According to spam experts, open relays are no longer a significant source of junk e-mail — thanks primarily to smothering filters like OsiruSoft’s.

Editor’s note: This story has been corrected since its original publication.

For more than three years, Bridger has deftly balanced the most difficult task of a spammer (or “bulk mailer,” to use the term he prefers): giving out enough contact information to make a sale without putting the whole operation at risk.

For Bridger, keeping a grip on his own identity may be another challenge. When he’s tired or distracted and the cellphone chirps to life, Bridger might even have to pause and ask himself: What is my name today?

Legally, the man who goes by the name Bridger appears to be Davis Wolfgang Hawke, a former white-power activist who renounced his birth name, Andrew Britt Greenbaum, in 1996 at the age of 18. But in the late ’90s Hawke also went by the moniker Bo Decker. At the time, he was head of the Knights of Freedom Nationalist Party, one of the fastest growing neo-Nazi groups in the United States, which he later renamed the American Nationalist Party while a student at Wofford College in South Carolina.

But he hasn’t really used the names Decker or Hawke online for years. Those identities imploded in 1999, shortly after word got out that his father was a Jew from the Boston suburbs, and people started calling him a “kosher Nazi.” The ANP and its leader crawled quietly under a rock.

Yet as his world was crumbling around him, Hawke vowed he’d make a comeback on the political scene. In an interview with Rolling Stone in late 1999, Hawke predicted he would run for “major public office” within a decade. But first, he would need “a lot of money to back me up.”

So what does a former American Nationalist Party member do to make some quick bucks? In Hawke’s case, he turned to penis-enlargement pills — and a host of other dodgy products, including human growth hormone, free government grants, inkjet-printer refills, extended car warranties, “eBay secrets” — marketed via spam e-mail campaigns. Today, Hawke’s spam operations — Quiksilver Enterprises and Amazing Internet Products — while nowhere near the biggest sources of junk e-mail on the Internet, may be among its more profitable spam-based enterprises.

The life of a spammer is not a dull one. Hawke must move quickly through the obscure back roads of the Net, abandoning the Internet domains that he uses to generate his spam in quick order after he is discovered by anti-spam vigilantes or other spam fighters. The trail he leaves behind him offers a bizarre look at the seedy world of spam entrepreneurship. White-power organizer turned penis-pill spammer, he sounds like a fictional character in a bad comic novel. But he’s quite real.

Spamming was apparently part of Hawke’s career strategy even before he was laughed out of the American white-power movement.

In May 1999, as Hawke was redesigning the ANP Web site and retooling the party’s platform, he also registered Knifed.com — the future home of his first spam-vertised site, the American Knife Depot. Instead of his own name, Hawke listed his significant other and chief party secretary, Patricia Lingenfelter, as registrant, according to Internet records.

In early July, just weeks before a failed white-power march on Washington he helped organize, someone using the name Jon was spamming Internet message boards with bogus testimonials about Knifed.com’s “totally reasonable” prices for knives and other weapons.

Ever since, to throw the feds and anti-spammers off his trail, Hawke has used fictitious names like Johnny Durango, James Kincaid, Winston Cross, Clell Miller, George Baldwan, or John Milton in the registration records for the dozens of Internet domains he has registered for his online storefronts over the years.

For his physical address, Hawke typically lists a Mail Boxes Etc. location in New Hampshire, New York, or Vermont. It’s a technique he has used since 1998, when the Knights of Freedom site listed a Mail Boxes Etc. store in Walpole, Mass., as its address.

Rhode Island has apparently been Hawke’s home for at least the past 18 months. Records kept by the American Registry for Internet Numbers show that in April 2002 someone using the name Dave Hawke registered a block of Internet protocol (IP) addresses on behalf of Quiksilver Enterprises, listing a Pawtucket, R.I., address. The IP addresses were later reported to have been used to send Quiksilver spam.

An online telephone directory maintained by AT&T shows a listing for “D Hawke” at the same address in Pawtucket. The cellphone number listed by “Dave Bridger” in numerous recent spams for Pinacle is on the Sprint PCS network in Providence, R.I., according to an online database.

When Hawke unleashes a load of spam touting Pinacle he forges the return address so no one can reply or easily track its source.

Using special spam software, he typically relays the e-mails through third-party mail servers to hide their true origin. Sometimes he uses an innocent bystander’s e-mail addresses in the From line, so they have to deal with all the complaints, delivery-error or “bounce” messages, and list-remove requests.

These evasive tactics, all standard among spammers, are currently illegal in a handful of states. But no federal law yet exists to rein in such fraud. And while big Internet service providers such as AOL and MSN occasionally tie up large spammers with lawsuits, operations like Hawke’s appear to be below the radar of the major ISPs.

This is not to say that business is easy for Hawke, who is now in his mid-twenties.

Opponents of junk e-mail have been playing a type of whack-a-mole game with Quiksilver and Amazing Internet since early 2000. Whenever Hawke sends a batch of spam touting a new Web site, the anti-spammers notify the Internet service provider that hosts the site. Often, those reports are in vain, since Hawke uses hosting companies in China, Russia, and South America for whom spamming is not a violation of acceptable use policies.

But anti-spammers have had some success in making Hawke’s sites unreachable through another tactic. Because he typically uses bogus information in his domain registrations, Hawke is violating a requirement set by the Internet Corporation for Assigned Names and Numbers that so-called domain “whois” data be valid.

DirecNIC, Hawke’s preferred domain registrar, has placed many of his domains on hold in response to reports that the registrations contain false information, according to Sigmund Solares, CEO of Intercosmos Media Group, the New Orleans firm that operates DirecNIC.

Hawke and his associates are also prone to mistakes, says Piers Forrest, a London-based salesman of high-end computers and a self-proclaimed anti-spammer. As they transfer files from one site to another in the process of staging a new storefront, the spammers often leave a log file behind on the source server. These file-transfer protocol (FTP) logs have enabled anti-spammers to learn about new Pinacle sites even before their operators announce them, thus providing a head start on the shutdown process.

Following a domain shutdown, Hawke quickly gathers himself and reappears at a new location on the Internet. But the technical interruptions can help tilt the economics of spamming, says Forrest.

“Spam is only profitable because the costs are so low. What a lot of us do is try to push up those costs by making sure that when a spammer is found that they lose their Internet connection and they are paying for a Web site that they lose, so that spamming is not worth it,” says Forrest.

In a telephone interview, Dave Bridger claimed not to recognize the term “spam” or to know what a Web site is and said he worked as a manager in a McDonald’s restaurant. In a subsequent online interview, Bridger said he would agree to an interview only if paid $20,000.

“I don’t have time, make too much money, my time is very expensive,” said Bridger.

How much money is he making? That question is essentially unanswerable, but earlier this year, Amazing Internet took new offices and warehouse space beside other high-tech companies in a refurbished mill complex in Manchester, N.H. — a space previously occupied by the U.S. Senate campaign of Jeanne Shaheen, the state’s former governor.

According to a former Hawke associate, the neo-Nazi turned spammer boasts of earning “six figures” and often carries around a wad of hundred-dollar bills in his pocket, totaling thousands of dollars. (The former associate, when shown a photograph of Hawke, also confirmed that “Bridger” was Hawke, although at the time of their association, Hawke/Bridger was using the name Johnny Durango.)

Hawke has signed up scores of Pinacle sales affiliates, although only a few dozen may be active. The bottles of pills are sold for $50 to the end user, but Hawke pays his own supplier only five bucks, and he pays his affiliates another 10 for each sale made via their own spam campaigns. In the low-overhead spam business, that could mean relatively high profit margins.

Customer satisfaction may not be ideal, however. These days, when Bridger’s cell rings it could as easily be an irate customer as another direct sale or affiliate wanting to sign up. After all, the Federal Trade Commission says the cocktail of herbs listed on the label isn’t proven to grow bigger penises. One of the ingredients, yohimbe, may stimulate the central nervous system and is approved by the Food and Drug Administration. But it can also cause kidney failure or kill people with heart problems, the FDA warns.

There are no such caveats in the red-and-blue-lettered e-mails touting Amazing Internet’s Pinacle pills. They usually arrive with a subject line such as “Grow your penis 2 inches in 2 days” and assure recipients that Pinacle is “completely safe.”

The closest thing to a health warning in the ads or the Web site for ordering Pinacle is this helpful advice: “Remember, a penis larger than 9 inches may be too large for most women. But IF for some reason you need even more, it is possible for you to safely continue taking Pinacle.”

So far, no one has publicly complained about Pinacle. According to FTC spokesman Richard Cleland, the agency doesn’t have the resources to track down people like Hawke and charge them with making deceptive efficacy claims.

While the wording of his e-mail solicitations for Pinacle affiliates suggests Hawke prefers the expression “bulk mailer” to the term “spammer,” the FTP logs left on Amazing Internet sites leave no doubt about the company’s business. One log from AIP’s site Myselinak.com in early July, for example, recorded a transfer from the operator’s PC with the following directory: C:\spam\campaigns\Pinacle.

Forrest is credited with being the first to connect Hawke with the various spam campaigns run by Quiksilver. Yet he admits he’s frustrated that, despite his efforts, Hawke has prevailed in the spam business for more than three years.

Hawke’s reemergence as a spammer doesn’t surprise Mark Potok of the Southern Poverty Law Center, a group in Alabama that tracks hate groups.

“I think he is basically a petty criminal. He’s a gang leader, a cultist. He was always about forming groups in which he’s the Führer. And I think that’s probably the case again here,” says Potok.

Potok is not concerned, however, that Hawke will use his profits from spam to bankroll a new neo-Nazi movement.

“He wouldn’t last five minutes in the movement. His name is mud. That’s an insurmountable problem — your father is Jewish,” says Potok. “He got so much mockery at the time. He was just destroyed by the stuff.”

While Hawke’s career as a white-power leader may be finished, one of his former Web sites suggests that if he decides to return to political life, it may be as a Rhode Island Libertarian.

In early 2001, Quiksilver used a site named PrivacyBuff.com to sell books with titles such as “The Spambook,” as well as a collection of tips and programs called “The Banned CD.”

According to a message from “Dave Milton” on the “Who We Are” page at the site, “I am a libertarian and everyone who works for me is a libertarian … we also favor the legalization of all drugs, an end to all taxes, and the abolition of the criminal justice system.”

Then again, it’s always been impossible to know whether the opportunistic, chameleon-like Hawke ever truly embraced a political philosophy — or was simply posturing and spouting a credo to make a sale.

Yet Babil Online, the home page of an Iraqi newspaper run by Saddam Hussein’s son Uday, was still reachable following the bombing.

A headline atop the front page of Babil Online exhorts visitors to read an article about the war, which includes several postmortem photos of what appear to be U.S. troops. The images were displayed last week on Qatar-based Al-Jazeera TV. Subsequently, the TV network’s Web site came under repeated denial-of-service attacks.

Meanwhile, two primary Internet access points for Iraqi citizens — among them a high-profile blogger using the alias “Salam Pax” — have been unreachable since the weekend.

A Cisco switch that connected Baghdad residents to the Internet stopped responding Saturday morning, Iraq time. The device, located at Internet protocol address 62.145.94.250, served as a Web gateway for many citizens.

The headers of a March 19 e-mail message from Salam Pax, author of Where Is Raed? a popular blog chronicling life in Baghdad, showed he connected to the Internet using the switch. Pax’s electronic journal has not been updated since early last week.

Also apparently affected by the recent missile strikes was a satellite gateway carrying traffic for users of Warkaa, one of Iraq’s two government-controlled Internet service providers. A Web-based monitor that had previously displayed traffic statistics for Warkaa’s satellite link became unreachable early Saturday. In the days just prior to the recent attacks, the monitor at times showed hundreds of Internet connections. (A screenshot of the monitor is here.)

Besides connecting Iraqis to the Web, Warkaa also provided e-mail service for many residents.

The downing of Iraq’s Internet access was criticized by representatives of Voices in the Wilderness, a U.S. group campaigning to end sanctions against Iraq.

“There are Iraqis who depend on the Internet to keep in touch with family and friends outside the country. By cutting that off, you’ve made them even more isolated from the outside world, which will further hurt their morale,” said Jeff Guntzel, one of the group’s coordinators. He said Voices has been unable to communicate with a team of representatives in Baghdad by phone or e-mail since late last week.

Despite pummeling the city with thousands of sorties over the past 10 days, U.S. military planners have taken pains to avoid harming Baghdad citizens with the bombing campaign. U.S. officials have also repeatedly stated that the aim of the war is to remove the current regime from power, and not to harm Iraqi citizens.

Some observers have speculated that the United States left Iraq’s Internet infrastructure untouched for the first week of the war in order to maintain communications with potential defectors in the high ranks of Iraq’s government and military personnel.

But Peter W. Singer, a fellow at the Brookings Institute, said he doubted that preserving Iraq’s Internet capabilities was high on the priority lists of U.S. military planners.

“Internet access is still limited mostly to elites in the country. The U.S. is mostly concerned about protecting things like water and electricity and bridges,” said Singer.

With Internet access apparently cut off for Iraqis, Babil Online’s value as a propaganda tool is now limited to Arabic speakers outside the country.

But Singer said the mission of Iraq’s Information Ministry has been not only to fire up nationalism but also to manipulate world opinion and to raise international protests against the war.

“They want to show things that will resonate not just with people in Iraq but with people in places like Egypt or the United States,” he said.

Babil Online may have escaped the attacks because of its physical location — the site appears to be hosted on a server not in Baghdad but in Beirut, Lebanon.

Domain registration records show Lebanese ISP TerraNet as Babil Online’s host. The registrant of the domain, Alaa Sami Kadhem, is also listed as the owner of Baghdadlink.net and Warkaa.net, two domains used by the Iraqi government.

Kadhem and TerraNet’s general manager, Suheil Zurub, did not respond to e-mails asking about their involvement in Iraq’s Internet infrastructure.

Officials at California-based Mentat, which manufactured the satellite gateway used by Warkaa, said they were unaware that the device was being used by Iraq’s government. Mentat executives said they shipped one of the company’s SkyX Gateway systems to Al-Manara International in Dubai, at the request of Mentat’s customer Atlanta International Teleport (AIT) of Douglasville, Ga.

Network records revealed that AIT provides Warkaa’s satellite link. AIT, Al-Manara and Mentat officials did not respond to requests for more information.

While it’s possible that Warkaa and Uruklink were merely “unplugged” by their satellite link providers, Robert G. Ferrell, a security analyst with the U.S. government, said it was more likely that the recent bombing was responsible for the outage.

The weekend missile barrage appears to have knocked Uruklink.net, Iraq’s main government site, and its accompanying e-mail server, offline. A traffic counter contained in the code of Uruklink’s home page still appeared to be registering visits this weekend. But Sean Donelan, a networking reliability expert, said the counter was likely being loaded via copies of the site temporarily cached by Google or some Internet service providers.