Selling the tools used by spammers is easy money, at least until you get caught. Just ask Adam Sweaney, a man charged with computer fraud who took the stand at the sentencing hearing in Seattle for Robert Soloway, the so-called spam king.

Sweaney said he earned about US$2,500 a month for a couple of years selling botnets that could be used for a variety of activities including sending spam e-mails. He didn't even write them himself, but he traded or bought them in online forums, he said.

Sweaney didn't sell a massive volume to a wide variety of people -- a typical week might involve selling three or four botnets to any of his six regular customers, he said. He also sold millions of e-mail addresses to spammers, including one who, unfortunately for Sweaney, was an undercover U.S. Federal Bureau of Investigation agent.

Testimony from Sweaney and others during the sentencing hearing for Soloway, the man notorious for the volume of spam that he facilitated, offered an inside look at the big business of online fraud. While antispam efforts implemented by ISPs (Internet service providers) may have shut out the small-time spammers, the more sophisticated players remain, and they have developed tools to make their efforts easier.

From the stand on Monday, investigators revealed some of the techniques that Soloway allegedly used to send out massive amounts of e-mail. After the government seized Soloway's servers from GoDaddy, a hosting company, investigators found files with as many as 10 million e-mail addresses on each server, according to Thomas Ervin, an engineer at the Mitre Corporation, a company the government hired to help investigate the case.

They also found Dark Mailer software on each server. Dark Mailer is a program that users can set up to automatically send out mass e-mails, drawing from databases to fill in the to, from, subject and body fields of the e-mail message. It also can spoof the header information, making it difficult to trace where the mail came from.

When Ervin began examining the Dark Mailer programs on the servers, they were set to send out 500 messages at a time, with the text body of the message rotated every five minutes.

Soloway ran a company called Newport Internet Marketing. He advertised a mass e-mail service that purported to send messages to an opt-in list of addresses, but he didn't have such a permission-based list. He also sold software that he said would let customers manage their own e-mail campaigns, but it often didn't work. Prosecutors allege that during a three-year period Soloway earned about $1 million.