Page last updated at 11:53 GMT, Monday, 10 November 2008

Study shows how spammers cash in

A tiny response means spammers still cash in (PA)

Spammers are turning a profit despite only getting one response for every 12.5m e-mails they send, finds a study.

By hijacking a working spam network, US researchers have uncovered some of the economics of being a junk mailer.

The analysis suggests that such a tiny response rate means a big spam operation can turn over millions of pounds in profit every year.

It also suggests that spammers may be susceptible to attacks that make it more costly to send junk mail.

Slim pickings

The spam study was carried out in early 2008 by computer scientists from the University of California, Berkeley and UC San Diego (UCSD).

For their month-long study the seven-strong team of computer scientists infiltrated the Storm network that uses hijacked home computers as relays for junk mail.

At its height Storm was believed to have more than one million machines under its control.

The team, led by Assistant Professor Stefan Savage from UCSD, took over a chunk of the Storm network to make it easier to run their study.

"The best way to measure spam is to be a spammer," wrote the researchers in a paper describing their work.

They created several so-called "proxy bots" that acted as conduits of information between the command and control system for Storm and the hijacked home PCs that actually send out junk mail.

The team used these machines to control a total of 75,869 hijacked machines and routed their own fake spam campaigns through them.

The research team created a legitimate-looking pharmacy site. (Image: fake pharmacy website, UCSD/UC Berkeley)

Two types of fake spam campaign were run through these machines. One mimicked the way Storm spreads using viruses and the other tried to tempt people to visit a fake pharmacy site and buy a herbal remedy to boost their libido.

The fake pharmacy site was made to resemble those run by Storm's real owners but always returned an error message when potential buyers clicked a button to submit their credit card details.

While running their spam campaigns the researchers sent about 469 million junk e-mail messages. The vast majority of these were for the fake pharmacy campaign.

"After 26 days, and almost 350 million e-mail messages, only 28 sales resulted," wrote the researchers.

The response rate for this campaign was less than 0.00001%. This is far below the average of 2.15% reported by legitimate direct mail organisations.

"Taken together, these conversions would have resulted in revenues of $2,731.88—a bit over $100 a day for the measurement period," said the researchers.

Scaling this up to the full Storm network the researchers estimate that the controllers of the vast system are netting about $7,000 (£4,430) a day or more than $2m (£1.28m) per year.

While this was a good return, said the researchers, it did suggest that spammers were not making the vast sums of money that some people have predicted in the past.

They suggest that the tight costs might also open up new avenues of attack on spammers.

The researchers concluded: "The profit margin for spam may be meagre enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defences."
