Looking for cheap handbags, a knockoff
or Canadian Viagra? Perhaps your reputation for honesty has attracted the attention of a wealthy Nigerian who needs your help transferring funds out of the country?
Odds are your email account is brimming with such opportunities. On any given day, as much as 45% to 75% of the world's inbound email is classified as spam, according to various studies.
The few, naive folks who fall for spam solicitations are enough to fuel a multimillion-dollar business.
Seriously, does anyone actually respond to these often misspelled solicitations? Is there actually money being made by someone out there?
The answer is yes, and lots of it.
"When asked why he robbed banks, Willie Sutton famously responded, 'Because that's where the money is,'" wrote researchers at the University of California, San Diego, and the International Computer Science Institute at Berkeley in a study of spam-based advertising. "The same premise is frequently used to explain the plethora of unwanted spam that fills our inboxes, pollutes our search results and infests our social networks -- spammers spam because they can make money at it."
Over the course of two studies, the researchers delved into all manner of spam -- email, blog,
, forums and comment sections.
Prior estimates, they say, have been no more than "guesstimates," ranging from $2 million per spam botnet (a mother ship of sorts for the swarm of virus-infected, hijacked computers used to do the dirty work of distributing spam) to very little money at all.
One often-cited claim, by the Russian Association of Electronic Communication, was that spammers earned roughly $125 million in 2009, a number assumed to have continued climbing. In the U.S., written Congressional testimony by
chief security officer said cybercrime reaps "more than $1 trillion annually in illicit profits," a figure skeptics pointed out would be well in excess of the entire software industry.
ICSI says that although the "security community is awash in the technical detail of new threats" it has been deficient in analyzing the economics. And so, with a feat of hacking jujitsu, the researchers in 2008 wormed their way into a botnet, an endpoint for a swarm of infected computers used to do the dirty work of spam. As they explain in the ensuing study, they "infiltrated its command and control infrastructure parasitically." A URL crawler was used to follow the embedded links contained in real-time feeds of email spam. These efforts were integrated into a
released last year.