bits & bytes - Ping! Zine Web Tech Magazine
SERVER SECURITY
to another few hundred dollars a month.
3. Next is the “spam run” – the process in which the spammer sends out millions of e-mail messages as part of a specific campaign. Sending spam from compromised computers (“zombies”), a very common practice, does not incur any costs at all.
4. Revenue generation – with the campaign on its way, and the online store live, the spammer sits back and counts the money coming in. Assuming a 0.01% sales conversion rate on one million e-mails, a spammer’s gross profit can range from $3,000 (porn website subscription), to $10,000 (sex-related products) or even to $150,000 (home refinancing) per campaign.
Getting Your Address
Let’s take a look at the process from an economic standpoint, starting with e-mail lists. A list containing 300M e-mail addresses can be purchased online for $29.99 to $59.99. These lists are often created automatically by special software modules (called ‘bots’), which crawl the internet in search of e-mail addresses. For example, if you have participated in a newsgroup discussion and used your e-mail address, chances are you will be receiving spam at the e-mail address you used for posting.
Since e-mail addresses are easily obtained from across the internet, e-mail lists are also relatively low-priced. Spammers utilize a variety of other technical methods to harvest addresses too, such as “dictionary attacks” (automatically guessing common e-mail addresses) and “P2P harvesting,” in which spammers exploit peer-to-peer (e.g. file-sharing) networks to obtain e-mail addresses.
Sending You Spam
Each spam campaign advertises a specific type of product. The types of products favored by spammers include generic prescription drugs, mortgages and sex-related products. The spammer usually sets up an online store selling the advertised product. Those online stores exist only for a few days, and are moved from one hosting provider to another. Typically, those hosting providers are “spam-friendly” and are willing to host spam-sites in exchange for high hosting fees.
Once spammers obtain an e-mail list and set up an online store, running a spam campaign is the next step. The spammer is interested in sending out millions of e-mail messages, but sending such massive amounts of e-mail would normally incur significant costs if done in a conventional manner. To avoid these costs, spammers do not typically send out all these messages from their own servers, but rather use compromised machines, known as “zombies,” to send their messages. Notably, many recent virus outbreaks were launched to create a network of “zombies” that could be controlled remotely. Such machines are used to send out spam e-mails, often without the knowledge of their owners.
Assuming spammers rely on third-party infrastructure like zombies, their costs for sending spam are limited to their own ISP hosting fees. In such a situation, there is almost no difference in cost for the sender between sending an e-mail message to one million recipients and sending it to a single recipient. So, in essence, when running a spam campaign, the spammer actually uses other people’s resources, incurring little expense in the process.
Making Money at Your Expense
With the e-mails on their way, the spammer waits for customers. Industry surveys show at least ten percent of the population actually buys products and services advertised via spam. In specific product categories, the percentage of people buying spamvertised products is even higher – a recent survey conducted by the Better Business Bureaus showed twenty-one percent of American e-mail users have bought software from a spammer, while twenty-two percent purchased apparel and jewelry advertised