Security Watch | Matt Hines » SEC charges stock spam botnet scammers

July 10, 2007 | Comments: (0)

SEC charges stock spam botnet scammers

TAGS: Security

(Eds note: Apologies to loyal readers of the blog for the lapse in posts the last two weeks. One of the authors - Paul Roberts - has moved on from InfoWorld into the realm of industry analysts, while another, Matt Hines, was travelling and fighting laptop issues.)

The Securities and Exchange Commission has taken another step in its bid to eradicate online pump-and-dump schemes, filing securities fraud and money laundering charges against a pair of Texas men accused of running a sizeable campaign driven by the use of botnets.

Officials with the SEC announced that they have filed claims against Darrel Uselton, 40, and his uncle, Jack Uselton, 69 -- both of whom were labeled by the investment watchdog group as "recidivist securities law violators" -- for using a large network of zombie PCs to distribute spam e-mails that encouraged recipients to invest in penny stocks advertised in the messages.

The SEC claims that the defendants urged e-mail recipients to gobble up shares of 13 different companies over a 20 month period, resulting in over $4.6 million in gains for the accused, all of which was frozen in a bank account seized by law enforcement officials.

In a nod to old-world technology, the scammers also reportedly employed direct mailing tactics to push their efforts beyond the Internet.

As a result of the SEC charges, the Texas Attorney General's office and the state's Harris County District Attorney's office have indicted the accused for engaging in organized criminal activity and money laundering.

Botnets are increasingly being used as conduits for spam in order to help defeat the use of IP address blacklists aimed at stopping mass distributions of unwanted e-mail by identifying and blocking sources of the messages.

Pump-and-dump schemes -- which aim to line the pockets of their creators by pushing up the price of cheap stocks by touting some advantageous news or court ruling in the advertised company's favor -- have become one of the most common formats for message-based fraud over the last several years.

The Useltons' arrest follows other SEC efforts to crack down on the schemes, including the agency's move to freeze 35 penny stocks frequently advertised in pump-and-dump e-mails in March 2007.

"This latest step in the Commission's anti-spam initiative is intended to protect investors from fraud artists who would treat the investing public as their personal ATM machines," SEC Chairman Christopher Cox said in a statement. "The use of bots to spread investment spam at exponentially higher rates is making this type of fraud an even more virulent threat to ordinary investors."

Cox pointed out in his comments that the SEC is particularly focused on shutting down botnet-driven campaigns because they have proven so troublesome for investors and publicly-held companies whose stocks are targeted in the efforts.

"Not only are victims getting hit with get-rich-quick spam, but by turning the victims' computers into zombies, these fraudsters are sending out still more spam to others," he said. "Given estimates that up to one-quarter of all personal computers connected to the Internet are part of a botnet, and the thriving market in selling lists of compromised computers to hackers and spammers, the SEC is taking this very seriously. We remain aggressively committed to tracking down anyone attempting to use bots to prey on investors with false or misleading spam about securities."

The SEC's complaint, filed in U.S. District Court in Houston, claims that the men "orchestrated a series of spam email campaigns using an array of computer botnets to anonymously flood the inboxes of American investors with millions of spam emails touting near-worthless penny stocks with baseless price projections and other unfounded claims."

Each campaign, which advertised a single company in its messages, lasted from several days to several weeks in duration, the agency reported.

In a new twist that appears to point to some form of collusion between the businesses being touted in the e-mails and the scammers -- without disclosing whether or not the companies were aware that they would be used in the schemes -- the SEC complaint also contends that the Useltons "received unrestricted shares from penny stock companies for little or no money in return for purported financing or promotional activities."

The claims seek permanent injunctions and civil penalties against each of the individual defendants, as well as penny stock bars against the men.

The SEC said that Darrel Uselton was previously disciplined by the National Association of Securities Dealers (NASD) for misbehavior in 2004 and 2005, while Jack Uselton was permanently enjoined from trading by the SEC based on previous fraud violations as part of a 2002 settlement.

Of the companies whose stocks were involved, three were among the 35 who had their shares suspended in March, along with another whose shares were revoked by the SEC in 2005.

Posted by Matt Hines on July 10, 2007 01:18 PM

RATE THIS ARTICLE: