Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Spam Businesses Crime Your Rights Online

Researchers Outline Spammers' Business Ecosystem 14

Posted by timothy
from the is-that-enough-info-to-send-the-rebel-alliance? dept.
An anonymous reader writes A team of researchers at the UC Santa Barbara and RWTH Aachen presented new findings on the relationship of spam actors [abstract; full paper here] at the ACM Symposium on Information, Computer and Communications Security. This presents the first end-to-end analysis of the spam delivery ecosystem including: harvesters crawl the web and compile email lists, botmasters infect and operate botnets, and spammers rent botnets and buy email lists to run spam campaigns. Their results suggest that spammers develop a type of "customer loyalty"; spammers likely purchase preferred resources from actors that have "proven" themselves in the past. Previous work examined the market economy of the email address market in preparatory work: 1 million email addresses were offered on the examined forum for anywhere ranging between 20 and 40 Euros.
This discussion has been archived. No new comments can be posted.

Researchers Outline Spammers' Business Ecosystem

Comments Filter:
  • by dskoll (99328) on Tuesday June 17, 2014 @09:59AM (#47254351)

    The full link above does not work, but this one works for me [acm.org]

  • I'm surprised that spam is still a lucrative business model, and I'm surprised that spam is still relevant enough to garner the attention of researchers.
    • Re:I'm surprised (Score:5, Insightful)

      by gstoddart (321705) on Tuesday June 17, 2014 @10:28AM (#47254627) Homepage

      Any business model which relies on a mass campaign to get 1-2% response rate is quite likely to be a lucrative business model.

      All you need is a small percentage of people who will fall for this, and when you're sending out millions of messages, 1-2% is probably enough to pay pretty well.

      Hell, I recently saw a couple of spam messages for Viagra slip through spam filters ... and anybody who actually buys Viagra from a random email is asking to get screwed, only not in the way they hope.

      At my company, they do phishing/spam testing on a fairly regular basis. And it's astounding to me the number of people who actually fall for it. These people get sent for additional internet security training.

      When my parents first went on-line, I told them in no uncertain terms to never trust anything unless they were damned sure it was from someone they knew and trusted. And, if there was any doubt, don't ever do anything unless you can directly call the company with a published number.

      And they've told me on numerous occasions that advice has done well for them.

      Sadly, lots of people still fall for this crap, but if it didn't pay, nobody would be going through the effort.

      And don't get me started on the calls from the "Windows Service Provider" who want to do tech support for me. I've known a few people whose parents have fallen for that one.

    • I'm not sure why you're surprised at all. Spam is still a huge problem. You might be lucky enough that you don't get spam, but it's a relentless arms race, and it's intimately connected with the issue of viruses/malware. Of course it would have the attention of researchers.

    • Re:I'm surprised (Score:4, Insightful)

      by Jason Levine (196982) on Tuesday June 17, 2014 @10:39AM (#47254737)

      The problem is that spam is inexpensive to send. Especially if you are using a bot net of infected computers so you utilize someone else's bandwidth. If you spend $100 to send out 1 million e-mails and get a 0.1% return rate at $1 per user, you make $900 per campaign.

      • The problem is that spam is inexpensive to send. Especially if you are using a bot net of infected computers so you utilize someone else's bandwidth. If you spend $100 to send out 1 million e-mails and get a 0.1% return rate at $1 per user, you make $900 per campaign.

        The math to show why spam still exists is really just that simple. Statistically it does pay.

        The emails can be purchased cheaply, botnet space is cheap, VPNs to hide your identity are cheap and effective, and the payoff is good.

        And since it i

    • Me too, especially when the tossers keep sending six messages the same in one day. They totally loose all feasibility. There's always somebody there though who's stupid enough to click the link otherwise we wouldn't all be suffering.

      We could probably put a good dent in illegal drug sales such as fake Viagra by randomly putting detection dogs in post delivery offices and prosecuting anybody caught ordering the crap.

    • Re:I'm surprised (Score:4, Interesting)

      by mlts (1038732) on Tuesday June 17, 2014 @11:03AM (#47254945)

      Spam has shifted gears. Before, it was mainly advertising and "chop your dollar" scams. Now, I mainly see phishing attempts either to get people to give up data or to go to a site that would attempt a large number of exploits (even trying to offer bogus "securityscan.apk" files on Android.) This isn't surprising because getting a victim's computer on a botnet is far more lucrative for a spammer than actually getting them to buy some pills or fall for yet another 419 scam.

    • by tlhIngan (30335)

      I'm surprised that spam is still a lucrative business model, and I'm surprised that spam is still relevant enough to garner the attention of researchers.

      Why isn't it? I mean, the people who send spam make money. The businesses selling the spammed product don't.

      Spammers generally sell their product as a package - say, 1M email addresses for $10 or whatever (generally not selling the list, but the service to email that list). Company needing marketing services buys that and a million emails get sent out. Does

    • by whoever57 (658626)

      I'm surprised that spam is still a lucrative business model,

      Some years ago, there was a suggestion that the people paying for the spam campaigns were not making any money, but the botmasters were. How did this work? As long as there is a supply of suckers prepared to pay botmasters for spam campaigns ....

  • by rel4x (783238) on Tuesday June 17, 2014 @12:16PM (#47255589)
    ...looks like not much has changed. Scamming was constant there, so you stuck with the people you knew.
    The very first thing you do is exchange a small list of well known people you've done business with - your references. When one matches up between your list and their list you contact them and ask how the experience went. If it was good, you move forward and don't change until you have a damn good reason to.

    It's not like there's a Yelp for spammer services, or even a normal review site. Everything is word of mouth.
  • I think every ISP needs to charge, say, one penny for each email sent. It's sorta like a "stamp." Spammers use emails as cheap marketing. Emails are free. There are no penalties for sending out millions of emails or one. The charge places email in the scope of commerce and, therefore, regulation. The originator will have to pony up to send a million emails. Regarding spam bots, today those are hard to detect and hard to identify. Someone, somewhere, will be getting a bill from an ISP for sending out a

"Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin." -- John Von Neumann

Working...