BOSTON ( MainStreet) -- Looking for cheap handbags, a knockoff Rolex or Canadian Viagra? Perhaps your reputation for honesty has attracted the attention of a wealthy Nigerian who needs your help transferring funds out of the country? Odds are your email account is brimming with such opportunities. On any given day, as much as 45% to 75% of the world's inbound email is classified as spam, according to various studies.
Seriously, does anyone actually respond to these often misspelled solicitations? Is there actually money being made by someone out there? The answer is yes, and lots of it. "When asked why he robbed banks, Willie Sutton Famously responded, 'Because that's where the money is,'" wrote researchers at the University of California, San Diego, and the International Computer Science Institute at Berkeley in a study of spam-based advertising. "The same premise is frequently used to explain the plethora of unwanted spam that fills our inboxes, pollutes our search results and infests our social networks -- spammers spam because they can make money at it." Over the course of two studies, the researchers delved into all manner of spam -- email, blog, Twitter, Facebook, forums and comment sections. Prior estimates, they say, have been no more than "guesstimates," ranging from $2 million per spam botnet (a mother ship of sorts for the swarm of virus-infected, hijacked computers used to do the dirty work of distributing spam) to very little money at all. One often-cited claim, by the Russian Association of Electronic Communication, was that spammers earned roughly $125 million in 2009, a number assumed to have continued climbing. In the U.S., written Congressional testimony by AT&T's ( T) chief security officer said cybercrime reaps "more than $1 trillion annually in illicit profits," a figure skeptics pointed out would be well in excess of the entire software industry. ICSI says that although the "security community is awash in the technical detail of new threats" it has been deficient in analyzing the economics. And so, with a feat of hacking jujitsu, the researchers in 2008 wormed their way into a botnet, an endpoint for a swarm of infected computers used to do the dirty work of spam. As they explain in the ensuing study, they "infiltrated its command and control infrastructure parasitically." A URL crawler was used to follow the embedded links contained in real-time feeds of email spam. These efforts were integrated into a related study released last year.
|The few, naive folks who fall for spam solicitations are enough to fuel a multimillion-dollar business.|
What they discovered confirms the value of that age-old sales mantra, "volume, volume, volume." In the world of direct mail -- the old-fashioned kind delivered to your mailbox -- even a response rate of 1% might be considered a success based on the volume sent and the revenue potential of each reply. The industry average is about 2.5%, according to the U.S. Postal Service. A slightly lower benchmark for response rates, 2.15%, is offered by the Direct Mail Association. That trade organization says the cost to address, produce and deliver traditional mail campaigns to a thousand targets (the cost per mille, or CPM), rages from $250 to 1,000. It might cost, for example, $250,000 to send out a million solicitations, leading to 21,500 responses at a cost of $12 per prospect. The cost of an email campaign, however, is minuscule, and even a tiny yield of prospects can prove cost effective. As a bonus, the Storm botnet studied is a peer-to-peer botnet that propagates via spam (users are directed to a link that attacks with an executable program). The more spam sent, the more profits reaped. The spambot surveillance found that, as many would suspect, pharmaceuticals and counterfeit software are common solicitations. Many of the drugs being offered fall into the category of "male enhancement"; a slate of more than 60 erectile dysfunction medications constituted 62% of the underground marketplace. A broader inventory of 289 products included supposed anti-cancer drugs and asthma medication.
Five companies made up two-thirds of all sites advertised in the roughly 350 million distinct pharmaceutical spam URLS observed over three months in 2010. Three software companies dominated that market niche. Many in both fields tend to operate through affiliates who are paid on a commission basis (typically 40% to 50% of sales). Visa ( V) proved to be the "dominant payment method," the study says, adding that "few accept MasterCard ( MA) and even fewer still process American Express ( AXP)." The illicit server researchers glommed onto was pumping out nearly 1.7 trillion emails a year. Even with only about 30% ever reaching an actual reader, the odds of finding a rube were pretty darn good. They concluded that a spamming botnet of the level they researched could earn its owners about $7,000 to $9,500 a day. Those estimates are admittedly drawn from a small (1.5%) fraction of the Storm network. After 26 days and almost 350 million emails, only 28 sales resulted, a conversion rate well under 0.00001%. All but one sale was related to male enhancement products, and the average purchase price was around $100. Assuming this sliver of the botnet universe is in line with the larger efforts of the botnet, a conservative estimate of revenue -- which doesn't even factor repeat sales -- is $3.5 million a year. Self propagation adds 3,500 to 8,500 zombie computers to the cause each day. In a spam-for-hire context, an enterprise of this sort would be offered to, for example, a disreputable drug reseller for a fee of between $100 to $500 per million emails sent. Power users might expect a bulk discount, perhaps 100 million emails per day for $10,000 per month. Monthly spam statistics compiled by M86 Security Labs -- a provider of malware prevention and content security products acquired last week by network and data security company Trustwave) -- shows the current spam categories topping the charts: Pharmaceuticals accounted for 48.5% of pitches, according to its survey of intercepted spam during the week ending March 18. It was followed by dating (23%), replica retail products such as watches (19%), diplomas (0.59%), gambling (0.48%), software (0.09%) and finance (0.08%). Even lower, surprisingly, was "adult" material, with a mere 0.04% share India was the leader in terms of volume of spam originating from a country. It was followed by Indonesia, Russia, Vietnam and Pakistan. -- Written by Joe Mont in Boston. >To contact the writer of this article, click here: Joe Mont. >To follow the writer on Twitter, go to http://twitter.com/josephmont. >To submit a news tip, email: email@example.com.
Twitter and become a fan on Facebook.
Twitter and become a fan on Facebook.