Spam Profit Margin sux0rs?

A team of seven researchers at the University of California, Berkeley and UC, San Diego got into the Storm botnet to get a closer look at how much money spammers might be making.

Their findings seem to show that profit margins for these shady dealings may not be that spectacular.

“The best way to measure spam is to be a spammer,” the researchers wrote in a paper recounting their infiltration of the network of millions of hacked computers.

The researchers were able to modify alter Storm’s command and control system to take control of 75,869 hijacked computers. These were used to channel consumers to a fake pharmaceutical site and a fake e-postcard site.

The latter was designed to simulate the way Storm spreads viruses.

Both fake sites were neutered: the pharmaceutical site returned an error message when consumers attempted to submit their credit card information for payment, and the e-postcard site ran an innocuous executable file.

The researchers tracked how many of their spam messages reached inboxes, and how many of these resulted in purchases or computer infections.

During the length of the study, which lasted 26 days, about 469 million e-mail messages were sent. Of the 350 million pharmaceutical-related e-mails sent, 10,522 users actually visited the fake site, and only 28 people attempted to make a purchase.

For those of you keeping score at home, that translates into a response rate of .0000081 percent.

The researchers said this response rate would have given them revenues of $2,731.88, or a bit more than $100 per day.

The actual Storm network may be raking in $7,000 per day, or more than $2 million per year.

The costs of these spam operations would make it more difficult for spammers to make huge profit margins.

“The profit margin for spam may be meager enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defenses,” the researchers asserted.

It was also estimated that the Storm network could take control of 3,500 to 8,500 new PCs every day.

Sources:
http://news.bbc.co.uk/2/hi/technology/7719281.stm

http://www.pcworld.com/businesscenter/article/153575/study_viagra_spam_is_profitable_but_margins_are_tight.html

http://government.zdnet.com/?p=4175