'Spamalytics'

Spammers send 120 billion spam emails to internet users daily and, like it or not, spam exists because the senders generate a profit. Now US scientists have revealed how spammers make their money.
By Administrator
Sat 10 Jan 2009 04:00 AM

Spammers send 120 billion spam emails to internet users daily and, like it or not, spam exists because it achieves its sender's purpose of generating a profit or damaging many people's computers. But in an attempt to stem the tide of spam, a group of United States scientists has recently revealed some interesting findings about how spammers achieve these objectives in a report aptly entitled 'Spamalytics'.

Spamming all over the world

According to Symantec's October 2008 monthly report on The State of Spam, spam categories included adult, fraud, financial, scams, products, political, leisure, internet and health.

Twenty-nine percent of the world's spam in October 2008 originated from the United States. Russia clocked in at 7% and South Korea, India and China each produced 4% of the world's spam.

"We continue to see spammers leveraging the housing market downturn and the general economic instability in the US as a vehicle to promote their spam attacks. Leveraging the intense interest in these current events, spammers hope to collect personal information from their targets. As news of the economy continues to dominate headlines, it is apparent that spammers will continue to use this angle to try and exploit email users", the report says.

Even the recent US presidential race got spammers going with polling scams promising recipients gift cards and t-shirts in exchange for opinions on the election. The activities of the candidates resulted in spammers spreading malware amongst recipients.

Symantec is one company that produces regular monthly reports regarding spam, but a group of scientists in the US have conducted what has been called the first in-depth study into spam to establish how many people are affected by or respond to spam.

Studying spam

Computer scientists from the University of California, Berkeley and UC in San Diego recently carried out what has been described as the "first large-scale quantitative study of spam conversion".

The report, Spamalytics: An Empirical Analysis of Spam Marketing Conversion, had the aim of providing a measure of the "conversion rate" of spam. In other words, the scientists wanted to establish the probability of an unsolicited e-mail resulting in a "sale" or the "infection" of a computer with malware.

The study involved using the Storm botnet's infrastructure to analyse two spam campaigns - one designed to propagate a malware Trojan and the other marketing pharmaceuticals on-line. "In effect, the best method to measure spam is to be a spammer", the study says.

The scientists' methodology included documenting three spam campaigns producing 469 million e-mails in an attempt to identify how much of this spam is filtered by popular anti-spam solutions, how many users "click-through" to the site being advertised (the response rate) and how many spam emails result in a "sale" or "infection" (the conversion rate).

Studies on spam in the past have revealed that the marginal cost to send an e-mail is small and therefore an e-mail based campaign can be profitable even when the conversion rate is small. A study done by W.Y.P. Judge and D. Alperovitch, Understanding and Reversing the Profit Model of Spam, speculated that response rates of as low as 0.000001 are enough to ensure profitability, and J. Goodman and R. Rounthwaite's Stopping Outgoing Spam concluded that the optimal strategy for reducing the cost of spam is to send spam as fast as possible.

The scientists working on the Spamalytics study admit that their final results are not necessarily representative of spam as a whole because their results represent a single data point, meaning that different studies could produce differing results. Yet, their particular findings are nevertheless interesting.

The study found that India, Pakistan and Bulgaria have the highest response rates to spam while the US (albeit a major target and responder) has the lowest resulting response rate of any country followed by Japan and Taiwan.

Furthermore, considering the number of emails spammers send out, the conversion rate is actually quite low.

"After 26 days, and almost 350 million e-mail messages, only 28 sales resulted - a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price was close to US $100. Taken together, these conversions would have resulted in revenues of US $2,731.88 - a bit over US $100 a day for the measurement period or US $140 per day for periods when the campaign was active... Thus, the total daily revenue attributable to Storm's pharmacy campaign is likely closer to US $7000 (or US $9500 during periods of campaign activity)", the scientists conclude.

Most common malicious software types

A number of spammers out there will attempt to email you messages encouraging you to click on certain links or open particular attachments. It obviously isn't a good idea to perform any of the actions mentioned above if one does receive spam mail as it could result in downloading malicious software that could do irrevocable damage to your computer and data.

But to provide a better idea of why one shouldn't do the above, below is a list of the most common malicious software that end users unintentionally download when opening a spam mail. The programs listed below are on the Symantec list of the most common malicious software types that spammers are currently trying to distribute across the web.

Trojan Horse

A Trojan Horse is a downloadable program that, when run, unloads hidden programs, commands, scripts or any number of commands without the user's knowledge or consent. The downloadable program usually takes the form of some usable software such as a downloadable screensaver.

Infostealer

Infostealer is a generic name for Trojan horse programs that attempt to steal sensitive information from a computer, such as password details. Infostealer can also affect MSN Messenger by writing fake messages and Infostealer may use some information from messages already written by the MSN user.

W32.IRCBot

W32.IRCBot is a back door Trojan horse that connects to an Internet Relay Chat (IRC) server and awaits commands from a remote attacker.

The three above-mentioned malicious software types are the main threats to your computer when it comes to malicious software being 'distributed' via spam.

There are other types of malicious software out there, but much of this software is a 'cousin', if you like, of the programs mentioned above. 'Trojan.Pandex' and 'Trojan.Goldun', for example, are also some of the most widely downloaded computer infection types, but they are derivatives of the Trojan Horse virus at the end of the day.

Therefore, the scientists extrapolate that the Storm-generated pharmaceutical spam would produce approximately US $3.5 million revenue in a year.

The scientists also conclude that the "profit margin for spam (at least for this one pharmacy campaign) may be meagre enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defences". So, it takes a big spam operation to turn over millions of dollars in profit each year.

The increasing link between spam and compromising your computer

Apart from the prolific marketing-related spam emails out there, there has been an increase in the number of spam messages containing URL links to malicious code according to the Symantec October 2008 Spam Monthly report. These emails contain links to malware designed to infect other computers with viruses and Trojans.

Symantec came to this conclusion by studying data retrieved from customers who run antivirus software and have consented to returning data; the total messages scanned therefore included both legitimate and spam messages.

The report goes on to state that the majority of this malware appeared in zip and RAR files, which were detected by antivirus filters. The next most common payload vector has been that of malware embedded in an email's source code.

Symantec says that from June to mid September 2008, "the percentage of malware detected in email messages had a dramatic increase from a tenth of a percent (0.1 percent) average in June 2008 to 1.2 percent in the middle of September 2008".

Topping the charts, in terms of the malicious software, was the generic Trojan Horse detected in 13.4 percent of the identified messages. The Trojan Horse was followed by Downloaders, malicious programs used to download other malware, at 11.8 percent.

Infostealer, another generic definition that blocks programs attempting to steal sensitive information from a user's computer, clocked in at 11.1 percent.

The sources of these email messages were varied, being sent from compromised servers around the world. But China, the Republic of Korea and the United States headed the list of the origins of the compromised servers.

Another form of spam compromising one's computer is 'Zombie' activity. Zombie is a term given to a computer that is being used for various activities ranging from sending spam to hosting websites that advertise spam and acting as DNS servers for zombie hosts. In September 2008, there was a 101 percent increase in the number of active zombies sending spam.

The top ten countries hosting active zombie computers for September 2008 were Turkey, Brazil, Russia, the United States, India, China, Germany, Argentina, Poland and Thailand.

So, taking all of this information into consideration, what is the best way to arm oneself? Well, apart from getting a credible anti-virus program installed on your computer, knowledge is power.

This article features a list of the most common malicious software types and a collection of the top tips to help prevent you from becoming a spam victim.

Tips for avoiding spam

So, how do you go about avoiding the possible nasty consequences of being affected by spam? Well, for starters, you can adhere to common sense and just avoid opening the stuff when and if it arrives in your inbox, but for those who are seeking more valuable preventative measures, make sure you read on...

Never respond to spam

If you respond to spam, there is a likelihood that your email address could be distributed to various other spammers, which opens you up to more annoying and dangerous emails landing in your inbox.

Do not open spam-messages

Some spam-messages are edited in HTML and just opening a message can be enough to automatically send the spammer a confirmation that your address is valid.

Alter your e-mail address when you post it

The web is full of "address harvesters" or spam bots that search the internet for email addresses. You might sometimes post your e-mail address on a forum or even in a comment on an article online. However, it's always a good idea to post your email address (if you really have to) in an altered form, for example, james [at] emailaddress.com.

Don't give out your primary e-mail address

Create a "disposable" e-mail address (such as one from an MSN Hotmail account) that you can give when registering for free software or shareware, or even when ordering from a company online.

Don't use info@withyourdomain.com

If you have your own domain space, try not to use names like info, service, mail, postmaster, sales and so on for your email address. These words are standard names which the spammers always try with various domain names.

Be careful with messages from banks

Be extra alert with messages that seem to be sent from banks or other financial institutions. This kind of spam usually crosses into the realm of phishing, a cyber-crime that aims to obtain your important bank details, such as your username and password for online banking.

Web sites' privacy policies

Make sure that you're checking all the privacy options you need to check when you are signing on for an online service. Some sites assume the right to share your information; other sites will provide you a way to opt out.

Tailor your surfing to minimize viruses and spam

Finally, there are many websites out there that are a source of viruses and spam, such as gambling websites. There are always exceptions, and certainly not every site is infected, but if you tend to visit any of these, your browser might be giving you away. So, try and keep your surfing habits tidy.
