Fake-software junk mail – a spam investigator's insight

What the anti-counterfeiter saw...

Spammers have grown tired of peddling porn and vending Viagra. The latest crop of spam hitting inboxes worldwide at the moment is selling software.

Not kosher copies, of course, but pirated versions of popular packages – Windows XP, Adobe Acrobat and Corel Draw are favourites. The spammers are selling the software for $20 or $30, ten times less than the programs cost to buy new in the UK.

The spammers have spotted the possible demand and been pushing their wares hard in the last few weeks. Consumers, however, have spotted the spam and started reporting it to the Business Software Alliance (BSA) in increasing numbers.

One of the BSA's investigators - who cannot be named due to the nature of his work - told silicon.com that according to the Alliance's enquiries, the spam can be tracked to Eastern Europe, Russia and Asia, where counterfeiting is rife.

The software scam is big with gangsters and organised crime, because it helps the criminals launder their profits.

"There's often an organised group behind [the pirate software], working with spammers and hackers," he said. "There's a realisation that it's the cheapest and probably the safest way to launder money."

The investigator said that while the more sophisticated user knows software promoted via spam is unlikely to be a genuine product, the sites the spammers direct users towards via the junk mails can be convincing, with traditional 'shopping basket' and other functionality borrowed from high-profile ecommerce sites to lend the spammers some credibility.

For those who are well aware of the counterfeit nature of the software but let the minute cost win them over to buying from the spammers, the BSA investigator says users should bear in mind exactly where their money goes.

"You're supporting things you wouldn't normally support. You're funding organised crime – these people don't just deal in software, they deal in people and they deal in drugs," he said.

Apart from the social implications, those tempted should remember they are equally likely to end up with software that doesn't work, Trojans, keyloggers or other malware on their machines, courtesy of the spammers.

The BSA has also ramped up its technological efforts in order to combat the counterfeiters. As well as human investigators, the BSA has bots that crawl the web looking for likely dodgy software sites.

Other techniques used by the Alliance to track down culprits before handing their details to the authorities include test purchases, surveillance and following up leads from the public, as well as scouring P2P sites and newsgroups.

The BSA recommends anyone unsure of the legitimacy of software should look at the software publisher's website for recognised dealers – if the reseller site is not listed, be cautious. Any site without feedback and a physical address should also be treated with suspicion.