Forgot your password?
typodupeerror
Spam Businesses Crime Your Rights Online

Researchers Outline Spammers' Business Ecosystem 14

Posted by timothy
from the is-that-enough-info-to-send-the-rebel-alliance? dept.
An anonymous reader writes A team of researchers at the UC Santa Barbara and RWTH Aachen presented new findings on the relationship of spam actors [abstract; full paper here] at the ACM Symposium on Information, Computer and Communications Security. This presents the first end-to-end analysis of the spam delivery ecosystem including: harvesters crawl the web and compile email lists, botmasters infect and operate botnets, and spammers rent botnets and buy email lists to run spam campaigns. Their results suggest that spammers develop a type of "customer loyalty"; spammers likely purchase preferred resources from actors that have "proven" themselves in the past. Previous work examined the market economy of the email address market in preparatory work: 1 million email addresses were offered on the examined forum for anywhere ranging between 20 and 40 Euros.
This discussion has been archived. No new comments can be posted.

Researchers Outline Spammers' Business Ecosystem

Comments Filter:
  • Re:I'm surprised (Score:5, Insightful)

    by gstoddart (321705) on Tuesday June 17, 2014 @11:28AM (#47254627) Homepage

    Any business model which relies on a mass campaign to get 1-2% response rate is quite likely to be a lucrative business model.

    All you need is a small percentage of people who will fall for this, and when you're sending out millions of messages, 1-2% is probably enough to pay pretty well.

    Hell, I recently saw a couple of spam messages for Viagra slip through spam filters ... and anybody who actually buys Viagra from a random email is asking to get screwed, only not in the way they hope.

    At my company, they do phishing/spam testing on a fairly regular basis. And it's astounding to me the number of people who actually fall for it. These people get sent for additional internet security training.

    When my parents first went on-line, I told them in no uncertain terms to never trust anything unless they were damned sure it was from someone they knew and trusted. And, if there was any doubt, don't ever do anything unless you can directly call the company with a published number.

    And they've told me on numerous occasions that advice has done well for them.

    Sadly, lots of people still fall for this crap, but if it didn't pay, nobody would be going through the effort.

    And don't get me started on the calls from the "Windows Service Provider" who want to do tech support for me. I've known a few people whose parents have fallen for that one.

  • Re:I'm surprised (Score:4, Insightful)

    by Jason Levine (196982) on Tuesday June 17, 2014 @11:39AM (#47254737)

    The problem is that spam is inexpensive to send. Especially if you are using a bot net of infected computers so you utilize someone else's bandwidth. If you spend $100 to send out 1 million e-mails and get a 0.1% return rate at $1 per user, you make $900 per campaign.

"Tell the truth and run." -- Yugoslav proverb

Working...