Spam Botnet Earns Estimated $3.5 Million Annually

    November 11, 2008
    WebProNews Staff

A study on spam from Berkeley and UCSD came back with some pretty intriguing results. The most publicized one was that 1 in 12.5 million conversions is all it may take for spam to be profitable. Other findings show Hotmail may have the best spam filters, and that it’s likely that spambot operations are not third-party services.

Perhaps the most incredible detail of the study (PDF) is that the researchers, led by UCSD associate professor Stefan Savage, hijacked the Storm worm botnet, which accounts for an estimated 20 percent of all spam. Dummy pharmaceutical sites were set up in place of intended destinations, complete with drug inventory and shopping cart, with an error resulting when a would-be customer hit the checkout button.

This set up allowed the researchers to observe spam interaction in the wild.

Over 26 days, 350 million email messages went out, resulting in 28 sales, for a conversion rate of 0.00001%. All but one sale were for male-enhancement products, with duped (and apparently insecure) respondents averaging $100 worth of fake product. Interposing only 1.5 percent of the Storm network, that would push daily revenue to between $7,000 and $9,500, or $3.5 million annually.

The researchers determined, though, because of the cost of running such a large spam operation, this would not be enough revenue to split between affiliates, meaning it’s a good possibility the teams behind pharmaceutical sites are likely the same teams creating spambots. Though the team wouldn’t estimate the cost of doing this type of thing in-house, they did think it was roughly the cost of “two or three good programmers.”

“If true,” wrote the researchers, “this hypothesis is heartening since it suggests that the third-party retail market for spam distribution has not grown large or efficient enough to produce competitive pricing and thus, that profitable spam campaigns require organizations that can assemble complete “soup-to-nuts” teams. Put another way, the profit margin for spam (at least for this one pharmacy campaign) may be meager enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defenses.”

Other interesting findings showed that the Hotmail was virtually on lockdown against the researchers hijacked spambot. Among the rest, which included Gmail, Yahoo, and Barracuda filters, Barracuda was the most porous, letting in between 0.00826% and 0.131% of messages (depending on type—pharmaceutical or April Fool’s), followed by Gmail, letting in between 0.00176% and 0.0063. Yahoo, though not as impermeable as Hotmail, did quite a bit better than the other two at blocking spam messages.

Most spam generated by the Storm worm targeted the US, and India, France, and the US returned the most responses. However, the response-rate was highest in India, Pakistan, and Bulgaria. The lowest response rates came from the US, Japan, and Taiwan. Researchers guessed it had more to do with spam education than about the attractiveness of male enhancement.