REDMOND, Wash., Feb. 10, 2005 — The joke about e-mail inboxes filling with pitches for Viagra or other erectile dysfunction medication is almost a cliché – industry analysts estimate about a quarter of all spam involves solicitations for Viagra or an illegal, non-FDA-approved, potentially hazardous generic. But Pfizer Inc, the maker of Viagra (sildenafil citrate), does not find it funny. Nor does Microsoft, which for the last two years has been waging a multi-pronged attack on the barrage of spam streaming into Internet users’ inboxes.
But it may be Pfizer and Microsoft who ultimately have the last laugh, after teaming up to investigate two international spam rings allegedly selling Viagra generics manufactured overseas. Today, the two companies filed lawsuits aimed at shutting down those spam rings, making them the latest in a series of strikes by Microsoft against spammers. Combined, the two companies today filed a total of 17 new actions against defendants they claim are involved in the sale and advertising of potentially harmful medications. The defendants allegedly sent hundreds of millions of e-mails using illegal and deceptive techniques that violate the year-old federal CAN-SPAM law (the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003) and other state and federal laws.
PressPass talked to two members of Microsoft’s Internet Safety Enforcement team, Attorney Aaron Kornblum and Senior Investigator Stirling McBride, as well as Pfizer Chief Corporate Counsel Marc Brotman, about the alliance with Pfizer and the joint investigation that led to today’s anti-spam lawsuits.
PressPass: How did Microsoft and Pfizer come to work together against spam?
Kornblum: Today’s actions are the result of initial conversations with Pfizer which began last summer. Pfizer contacted us because they were receiving unwanted attention for e-mail spam advertising Viagra, which was troubling for several reasons. First, many people were blaming Pfizer for this spam. Second, Pfizer was concerned because the products people were purchasing online through this spam scheme were not Viagra. Lastly, Pfizer was concerned because its intellectual property, such as trademarks, was being used in the illegal spam e-mail, as well as on the Web sites the spam e-mails were directing people to in an effort to deceive consumers into believing the sites were associated with Pfizer.
Brotman: One consumer sent a letter to our CEO, screaming about all the Viagra e-mail he was getting – he said he received 20 in one day, and several thousand in just a few months. The fact is, Pfizer does not send spam. This is a very strict company policy. It wouldn’t make sense – we do not sell Viagra directly to consumers, so we would not send out e-mail offering the product directly for sale. All of the e-mails people are getting that offer Viagra for sale, or cheap or generic Viagra – none are supported by Pfizer in any way. In fact, most of these sites are not offering Viagra, but counterfeits that may contain contaminants, may not work, or worse yet, could make people sick.
We felt we could fight back on the sale and advertising of the products, but our problem was that we didn’t feel we had a good way of stopping the spammers. Then I happened to read a newspaper article about how aggressive Microsoft had been in battling spam, and was one of the leading companies in fighting the spam problem. So it made sense – Pfizer is an advanced company in fighting illegal generics and counterfeit drugs on the Internet, and Microsoft is advanced in the fight against spam, so jointly we could achieve more than we could separately. We together leveraged the expertise and legal claims that individually we might not have been able to.
PressPass: How did the actual investigation come together?
Kornblum: Knowing of our work at Microsoft in the spam and cybercrime-enforcement space, Pfizer telephoned our team to talk about how we might work together to stem the tide of these illegal solicitations involving their product. Last summer we began to investigate these cybercriminals on a joint basis, and uncovered two international spam rings we believe promoted Viagra and other pharmaceutical products through illegal spam. We coordinated a team of investigators and lawyers and went after these spammers together. Microsoft is targeting the defendants for sending hundreds of millions deceptive spam e-mails over its networks, and separately Pfizer is targeting these related defendants in parallel lawsuits for hosting the Web sites that misuse their intellectual property. So we’re coming after this spam from two directions, which I think is an approach not taken before, and is unique to both companies.
PressPass: What are the lawsuits resulting from the joint investigations?
Kornblum: Our efforts together have led to a combined total of 17 lawsuits today against pharmacy-related defendants by the two companies. Each company filed parallel lawsuits against two separate international spam rings. Microsoft is suing each ring for alleged illegal spamming, and concurrently, Pfizer is suing each of these rings for trademark infringement and dilution, and unfair competition.
Both companies today are also filing separate and additional legal actions: Microsoft is filing three other lawsuits against other alleged pharmaceutical spammers and Pfizer is filing 10 lawsuits against other defendants, claiming improper use of Pfizer trademarks in domain names, such as bioviagra.com. So overall, there are 12 actions being filed by Pfizer and five by Microsoft.
PressPass: How would you characterize the partnering and cooperation?
McBride: I would say that the investigation that resulted in today’s legal actions with Pfizer was a fantastic model of cross-industry cooperation. Pfizer has been a great company to partner with, and our aims were very complementary – Microsoft was focused on spam and Pfizer was focused on fake pharmaceuticals. So because we believe these investigative targets were using spam to advertise the fake pharmaceuticals, it was a natural place for us to come together and join forces – an obvious alliance. We shared all the work of the investigation and shared all the costs associated with the investigation – I would characterize Pfizer as a great partner in anti-crime. Another cross-industry success story was our collaboration with Amazon.com last year against spammers who spoofed Amazon.com’s domain name and sent large quantities of illegal spam over Microsoft’s networks and to our customers. We’ve also teamed up with other industry partners and government and law enforcement entities in unique and collaborative ways to fight spam and cybercrime.
Brotman: Microsoft, from day one, has been incredibly enthusiastic about our collaboration. Our work together uncovered more than just the defendants to our lawsuits – there were a couple of times where we found a site that we thought was a problem but turned out not to be. But that was a positive as well, since it meant that this site is legitimately selling real stuff. Also in this case, one of the sites we initially thought could be important was registered to someone in our backyard, in New York state. In our investigation together, we found the person who is registered as owning the domain name. It turns out that individual had no clue his identity was being used. We found out he’s just a victim too, just like a number of consumers who buy from these scams.
PressPass: Were these common or typical spam operations?
McBride: Every spam outfit out there has its own characteristics. One of the things we’re still looking into in our work with Pfizer is exactly how this particular spam ring operates. Typically, though, there are a lot of similarities among spam operations. In this case, we did see a fairly common setup known as an affiliate program. This means there is a central Web site that has the products for sale, and the person running the ring hires a group of people to advertise the site and drive people to the site – do the actual spamming, in other words. These are the affiliates. Each of them sends out spam to a large number of recipients, and embedded in each spam e-mail is a link to the site they want people to visit. Embedded in the link is an affiliate tag, frequently a number, so when the recipient clicks that link and goes to the Web site, the site detects this tag, indicating where the visitor comes from and who referred them, and gives credit to the spammers for customers and potential customers. These people work really hard to insulate and cover themselves, masking their identities to make it hard for companies or law enforcement to determine who they are.
PressPass: Have law-enforcement organizations been involved in this cooperative effort?
Kornblum: To this point in our joint investigation, criminal authorities have not been involved. As we go forward, we certainly will consider all our options as we learn who is responsible, and consider all of our potential next steps. Microsoft does work frequently and quite closely with law enforcement on Internet safety investigations and have referred cases to law enforcement. We regularly partner with law-enforcement agencies and governments, both here and abroad, providing technical expertise and other support to investigations and to government enforcement actions, including technology tools to help them develop their own leads.
Globally, we’ve now supported more than 125 legal actions against spammers – including filing 94 civil suits in the United States – with many in conjunction with governments throughout Asia, Europe and Latin America. Many are still ongoing but many have led to judgments or injunctions. Among our biggest actions:
In January Microsoft provided support to the attorney general of Texas, Greg Abbott, in his lawsuit filed against world’s fourth-largest spam ring. Microsoft also filed a lawsuit against this spam operation.
In 2004 we supported attorneys general spam enforcement actions in Pennsylvania and Massachusetts, as well as various Federal Trade Commission enforcement work.
In 2003, we teamed with New York Attorney General Eliot Spitzer in an effort that led us to the world’s third-largest spammer and a number of his affiliate programs.
We have partnered with AOL, EarthLink and Yahoo! to establish the Anti-Spam Technical Alliance (ASTA) and have twice joined together to filed lawsuits against spammers, including the first batch under CAN-SPAM when the federal law was newly enacted.
We filed the first lawsuit against a so-called bullet-proof Web hosting service, a service which helps spammers set up shop with minimal risk of being shut down.
We filed the first lawsuits under a new provision of the CAN-SPAM federal law called the ‘brown paper wrapper’ clause referring to improper labeling of e-mails with sexually-explicit content.
Our anti-spam containment efforts span product and practice groups across Microsoft with vast resources being invested in other anti-spam areas like technological innovation in spam filtering and e-mail authentication, global consumer education and so on. But our team of professionals is on the job every day, identifying these cybercriminals and taking them offline. We have changed the economics of spam and will continue to do so.
PressPass: Why does Microsoft feel it is important to fight spam so energetically?
McBride: Microsoft is dedicated to providing its customers with the best online experience they can have – spammers work hard to spoil that experience with unwanted and potentially fraudulent e-mail. We’re deeply committed to combating any effort that diminishes our customers’ user experience. We’re doing that by using the tools in our arsenal, such as capitalizing on laws such as CAN-SPAM and other state and foreign laws to raise the stakes in the spam game. Microsoft is using its position in the industry to help protect its customers, by putting up barricades to spammers’ success and making the risk for the spammer not worth the reward. Spammers make a lot of money if they’re successful, so part of what we’re doing is upping the cost of business – sending spam isn’t so cheap if it means they have to hire an attorney, pay civil or criminal costs, or even go to jail in some cases.
Kornblum: Our customers have told us spam creates real challenges for them. We don’t want personal or business communications impeded, or in any way impacted by the spam out there. We recognize it’s going to take a comprehensive effort, so we’re developing technology tools, such as continually enhancing our SmartScreen learning filters for Hotmail and Microsoft Outlook, as well as collaborating with industry partners to realize the adoption of Sender ID, an e-mail authentication technology to detect forged domain names. We’re helping to educate our customers on how they can protect their e-mail address and fight spam. We’re working on new legislative issues relating to emerging online threats such as phishing and spyware,. And we’re working on new enforcement initiatives with industry leaders like Pfizer, Amazon.com, Earthlink and Yahoo!. There’s still a lot to do, but we’re achieving significant successes, such as putting spammers out of business or in jail, or our SmartScreen technology blocking upwards of 90 percent of spam from reaching our Hotmail customers. The cumulative impact of all these steps together is making a difference.
PressPass: Is there anything the typical computer user can do to help fight spam?
McBride: One of the things people need to do is employ the same common sense online as they do in the real world. Suppose someone was to call you on the phone or show up at your door and tell you they were from MSN or your bank and that they had inadvertently lost all your account information. Chances are all of us would hesitate to give it to them without some effort to find out their identity or their legitimacy. But if this same enquiry comes from e-mail, a lot of people just hand over that personal information. People just need to use common sense and treat business over e-mail just like they would treat any other kind of business.