Study Shows How Spammers Cash In
BBC News (11/10/08)
Researchers at the University of California, Berkeley and the University of California, San Diego (UCSD) hijacked a working spam network to analyze its economic value. The analysis found that spammers can make money by getting just one response for every 12.5 million emails sent. However, the researchers say that spam networks may be susceptible to attacks that make it more costly to send junk email.
The researchers, led by UCSD professor Stefan Savage, took over a piece of the Storm spam network and created several proxy bots that acted as conduits of information between the command and control system for Storm and the hijacked home PCs that send the junk mail. The researchers used the machines to conduct their own fake spam campaigns.
Two types of fake spam were sent, one that mimicked the way Storm spreads using viruses and the other aimed at tempting people to visit a fake pharmacy site and buy an herbal remedy to boost their libido. The fake pharmacy site always returned an error message when potential buyers clicked a button to submit their credit card details.
The researchers sent about 469 million spam messages, and after 26 days and almost 350 million email messages, only 28 “sales” were made. The response rate for the campaign was less than 0.00001 percent, and would have resulted in revenues of $2,731.88, just over $100 a day for the measurement period. The researchers say that spam’s small profit margin indicates that spammers would be economically susceptible to any disruptions in their networks.