Prolateral Consulting Ltd
Prolateral Consulting Ltd

News

Profiting from spam

Spammers are turning a profit despite only getting one response for every 12.5m e-mails they send. By hijacking a working spam network, researchers have uncovered some of the economics of being a junk mailer. The analysis suggests that such a tiny response rate means a big spam operation can turn over millions of pounds in profit every year.

The spam study was carried out in early 2008 by computer scientists from University of California, Berkeley and UC, San Diego (UCSD).
For their month-long study the seven-strong team of computer scientists infiltrated the Storm network that uses hijacked home computers as relays for junk mail.

At its height Storm was believed to have more than one million machines under its control.
The team, led by Assistant Professor Stefan Savage from UCSD, took over a chunk of the Storm network to make it easier to run their study.
"The best way to measure spam is to be a spammer," wrote the researchers in a paper describing their work.

They created several so-called "proxy bots" that acted as conduits of information between the command and control system for Storm and the hijacked home PCs that actually send out junk mail.
The team used these machines to control a total of 75,869 hijacked machines and routed their own fake spam campaigns through them.

Two types of fake spam campaign were run through these machines.
One mimicked the way Storm spreads using viruses and the other tried to tempt people to visit a fake pharmacy site and buy a herbal remedy to boost their libido.

The fake pharmacy site was made to resemble those run by Storm's real owners but always returned an error message when potential buyers clicked a button to submit their credit card details.
While running their spam campaigns the researchers sent about 469 million junk e-mail messages. The vast majority of these were for the fake pharmacy campaign. 

"After 26 days, and almost 350 million e-mail messages, only 28 sales resulted," wrote the researchers.
The response rate for this campaign was less than 0.00001%. This is far below the average of 2.15% reported by legitimate direct mail organisations.
"Taken together, these conversions would have resulted in revenues of $2,731.88—a bit over $100 a day for the measurement period," said the researchers. 

 

And they say crime doesn't pay ?