'Spamalytics'

Spammers send 120 billion spam emails to internet users daily and, like it or not, spam exists because the senders generate a profit. Now US scientists have revealed how spammers make their money.

By Administrator Published January 9, 2009

Spammers send 120 billion spam emails to internet users daily and, like it or not, spam exists because it achieves its sender's purpose of generating a profit or damaging many people's computers. But in an attempt to potentially stem the tide of spam, a group of United States scientists has recently revealed some interesting findings about how spammers achieve these objectives in a report aptly entitled 'Spamalytics'.

Spamming all over the world

According to Symantec's October 2008 monthly report on The State of Spam, spam categories included adult, fraud, financial, scams, products, political, leisure, internet, health and fraud.

Twenty-nine percent of the world's spam in October 2008 originated from the United States. Russia clocked in at 7% and South Korea, India and China each produced 4% of the world's spam.

"We continue to see spammers leveraging the housing market downturn and the general economic instability in the US as a vehicle to promote their spam attacks. Leveraging the intense interest in these current events, spammers hope to collect personal information from their targets. As news of the economy continues to dominate headlines, it is apparent that spammers will continue to use this angle to try and exploit email users", the report says.

Even the recent US presidential race got spammers going with polling scams promising recipients gift cards and t-shirts in exchange for opinions on the election. The activities of the candidates resulted in spammers spreading malware amongst recipients.

Symantec is one company that produces regular monthly reports regarding spam, but a group of scientists in the US have conducted what has been called the first in-depth study into spam to establish how many people are affected by or respond to spam.

Studying spam

Computer scientists from the University of California, Berkeley and UC in San Diego recently carried out what has been described as the "first large-scale quantitative study of spam conversion".

The report, Spamalytics: An Empirical Analysis of Spam Marketing Conversion, had the aim of providing a measure of the "conversion rate" of spam. In other words, the scientists wanted to establish the probability of an unsolicited e-mail resulting in a "sale" or the "infection" of a computer with malware.

The study involved using the Storm botnet's infrastructure to analyse two spam campaigns - one designed to propagate a malware Trojan and the other marketing pharmaceuticals on-line. "In effect, the best method to measure spam is to be a spammer", the study says.

The scientists' methodology included documenting three spam campaigns producing 469 million e-mails in an attempt to identify how much of this spam is filtered by popular anti-spam solutions, how many users "click-through" to the site being advertised (the response rate) and how many spam emails result in a "sale" or "infection" (the conversion rate).

Studies on spam in the past have revealed that the marginal cost to send an e-mail is small and therefore an e-mail based campaign can be profitable even when the conversion rate is small. A study done by W.Y.P. Judge and D. Alperovitch, on Understanding and Reversing the Profit Model of Spam, speculated that response rates of as low as 0.000001 are enough to ensure profitability, and J. Goodman and R. Rounthwaite's Stopping Outgoing Spam concluded that the optimal strategy for reducing the cost of spam is to send spam as fast as possible.

The scientists working on the Spamalytics study admit that their final results are not necessarily representative of spam as a whole because their results represent a single data point, meaning that different studies could produce differing results. Yet, their particular findings are nevertheless interesting.

The study found that India, Pakistan and Bulgaria have the highest response rates to spam while the US (albeit a major target and responder) has the lowest resulting response rate of any country followed by Japan and Taiwan.

Furthermore, considering the number of emails spammers send out, the conversion rate is actually quite low.

"After 26 days, and almost 350 million e-mail messages, only 28 sales resulted - a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price was close to US $100. Taken together, these conversions would have resulted in revenues of US $2, 731.88 - a bit over US $100 a day for the measurement period or US $140 per day for periods when the campaign was active...Thus, the total daily revenue attributable to Storm's pharmacy campaign is likely closer to US $7000 (or US $9500 during periods of campaign activity)" the scientists conclude.

Most common malicious software types

A number of spammers out there will attempt to email you messages encouraging you to click on certain links or open particular attachments. It obviously isn't a good idea to perform any of the actions mentioned above if one does receive spam mail as it could result in downloading malicious software that could do irrevocable damage to your computer and data.

But to provide a better idea of why one shouldn't do the above, below is a list of the most common malicious software that end users unintentionally download when opening a spam mail. The programs listed below are on the Symantec list of the most common malicious software types that spammers are currently trying to distribute across the web.

Trojan Horse

A Trojan Horse is a downloadable program that, when run, unloads hidden programs, commands, scripts or any number of commands without the user's knowledge or consent. The downloadable program usually takes the form of some usable software such as a downloadable screensaver.

Infostealer

Infostealer is a generic name for Trojan horse programs that attempt to steal sensitive information from a computer, such as password details. Infostealer can also affect MSN Messenger by writing fake messages and Infostealer may use some information from messages already written by the MSN user.

W32.IRCBot

W32.IRCBot is a back door Trojan horse that connects to an Internet Relay Chat (IRC) server and awaits commands from a remote attacker.

The three above-mentioned malicious software types are the main threats to your computer when it comes to malicious software being 'distributed' via spam.

There are other types of malicious software out there, but many of them are 'cousins', if you like, of the programs mentioned above. 'Trojan.Pandex' and 'Trojan.Goldun', for example, are also among the most widely downloaded computer infection types, but they are derivatives of the Trojan Horse virus at the end of the day.

