Profitability of spam finally measured

Profitability of spam finally measured

Summary: Researchers at UCSD have determined the return on investment for spam generated by the Storm botnet. While the per-message response rate is astonishingly low, it is sufficient for a spammer to generate a profit.

TOPICS: Security

Researchers at UCSD have determined the return on investment for spam generated by the Storm botnet. While the per-message response rate is astonishingly low, it is sufficient for a spammer to generate a profit. At this year's ACM Conference on Computer and Communication Security, Stefan Savage, Vern Paxson and crew presented a paper that measures the conversion rate, or the rate at which an advertising impression results in a product sale, for spam. The team used somewhat aggressive tactics to collect their data; namely, they hijacked a portion of the Storm botnet to inject spam that contained links to domains and storefronts they controlled.

The team's data and analysis has shown that that generating 28 sales, averaging around $100 each, of various "male-enhancement" products required 350 million separate spams. This provides a yearly revenue rate of the Storm botnet for the sale of pharmaceuticals of around $3.5 million dollars.

What I feel to be the most interesting result from the paper is the direct measurement of the quality of anti-spam technology broken down by geographic location. The countries with the spam lowest response rate include the UNited States and Japan. Both nations have some of the highest capital investment in anti-spam technologies. As of early 2008, the countries with the worst anti-spam technology appear to be India, Pakistan, and Bulgaria.

The researchers do state that the profit margins of the spammers appear to be sensitive to anti-spam techniques. I am left to wonder what would be the profitability of spam if everyone in the world used effective anti-spam software.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Why put out a paper showing the money to be made?

    Its definitely interesting.. but this paper makes me want to get into the spamming business.

    I could probably do it. I experimented with some stuff a few years ago that would get the job done. Would have to be updated though.

    Then i could test it against my own spamassassin, mcafee boxes...
    • The New Spammer

      Go ahead. You might feel that it's pretty simple and easy to do, but you would be in for a rather rude surprise, I think. The kiddie/newbie/wanna be spammers don't last long these days without criminal connections and the actual people making money in North America are criminalized operations. A new kid showing up on the block is downtrodden pretty quickly by the spamfighters and criminals too if he turns out to look dangerous to their income; something very jealously guarded due to the RIO formulae.
      Line up a LOT of servers and give it a try; it's no business for the person who can't take a chance on anything from losing all his equipment, even home, to spending time with like-sex friends 24/7.
      Believe me, the article shows extremely little, if any, real advice that would be useful for going into spamming; didn't you even notice how apparently easy it was to hijack a botnet?
      I wish there were a freindly way to show you what I mean, but there isn't. Best I can do is recommend a lot more research into the subject and don't neglect the parts about what you are putting up as liabilities while you do that.
      If you want to do something rewarding, go to the other side and get a job there or just do it free as a good netizen.
  • RE: Profitability of spam finally measured

    I do not think you could do it. Real spammers do not talk about doing it zdnent... They just do it. It is like real groupies do not talk about hooking up with LeBron James, they just do it and get married. The build up infrastructure to creep on the web to find e-mail addresses and other means to get their money. Do you know how hard it is to get 350 million seperate e-mail addresses? Do you have the patience to earn 0.00001 cent for every e-mail you send? Do you know how to consistently find ads to send? I can only image the server power and the look of the code that handles the e-mail sending automation. Lets not forget that research groups are diligently working on anti-spam systems.
  • RE: Profitability of spam finally measured

    All you need less then .1% people out of the millions of spam that got sent who will respond with a 20-30 dollars you will make some serious money from this schemes. All you need is a network connection and bot other systems to send mail for you and you collect all of the "profits".
    Most of us that are on the other side of this sh*t this sh$t is annoying and pain and would like to send these people to gulag or other places of torture for a long term stay. Dying for these people is too good.
  • Interesting RE: Profitability of spam finally measured

    Novel way to track; KIDOS. Anecdotal and empirical is often the best way to get some data. The UCSD paper is very good too.
    I'm happy to see this kind of thing coming to being. Except for the last paragraph's intimations about geography, I think it's pretty obvious the US is great farm-ground for spam or it wouldn't be so heavily run here. We may be more educated but we're still great targets and in general it's my opinion that education about spam in this country is still dismal, equivalent to the dark ages. Overall there is very little education for treatment of spam.
    As a serious and active spamfighter I would love to see more articles like this one.

  • RE: Profitability of spam finally measured

    Well done! Thank you very much for professional templates and community edition
    <a href="">seslisohbet</a> <a href="">seslichat</a>