On Thursday, a blog post on the Web site Loonov.com claimed a spammer named Alexey Tolstokozhev was found murdered in a villa outside Moscow. “He has been shot several times with one bullet stuck in his head. According to authorities, this last head shot is a clear mark of Russian hit men,” the post said.
The reported assassination of Tolstokozhev echoed the 2005 murder of an actual Russian spammer, Vardan Kushnir. Kushnir was found beaten to death in a Moscow apartment, prompting speculation his murder was related to his activities as a spammer. However, a police investigation later said Kushnir was killed by robbers and his death was not connected with his spam activities.
The Tolstokozhev story caught the attention of the security community as well as blogs, even making it on to Slashdot, one of the most popular sites for technology-related news. But security researchers soon debunked the report.
The story began to unravel when researchers failed to locate Tolstokozhev in records of known spammers, even though Loonov.com claimed he was responsible for “up to 30 percent of all Viagra and penis enlargement-related spam” and made more than $2 million in 2007 from these unsolicited e-mails. More questions were raised when researchers discovered that the Loonov.com domain name was registered on the same day the assassination post appeared.
“We got the feeling pretty quickly that it was a hoax,” said Dave Marcus, security research and communications manager at McAfee’s Avert Labs. “It just became obvious that either this was somebody’s idea of a joke or they were using a real person’s name and trying to associate him with being a spammer.”
Other security researchers picked up on the hoax as well, with reports appearing on Sunbelt Software’s SunbeltBlog and Taint.org, a blog written by Justin Mason, a software developer in Ireland.
The motivation behind the Tolstokozhev hoax is not clear. The Loonov.com domain was registered anonymously and the identity of the person behind the hoax is not known.
“It’s probably just an attempt to besmirch this person’s name, because this guy’s name does not appear on the list of usual suspects,” Marcus said.
Avert Labs and other researchers looked into whether there was a malicious side to the Loonov.com site, such as downloading malware onto a visitor’s computer, but didn’t find anything suspicious. “As of now, we haven’t found any malicious code embedded in the site,” he said.
Perhaps ironically, all of the attention that’s been given to the Tolstokozhev story may eventually turn Loonov.com into a spam site.
“He’s getting an awful lot of traffic being driven to the site because of all the attention he’s getting. He’ll get a lot of Google juice out of this,” Marcus said, referring to the way Google’s search engine ranks Web sites. “If you use it as a spam site, you’ve already got good Google activity built up, but that’s just a guess.”
