Tuesday, May 6, 2008

Spammers & Scammers

How spammers manage to make money

Kavita Kukday | TNN 
Spam is undoubtedly one of internet miscreants’ oldest tricks. With the internet security community stopping just short of putting up hoardings screaming not to touch those “Make money for nothing” emails, one can safely assume that anyone with even half a clue won’t touch them with a bargepole. So how does the spamming community survive and thrive when no one who is even a tad tech savvy admits to doing business with them? Would there be hordes of poverty-stricken spammers out there who are slowly, but surely, starving to death?

    The answer is unfortunately a big No.

    Studies have found that the business of spam is spinning more money by the day. So how do these spammers make money?

    Well, contrary to popular belief, a significant number of spammers apparently aren’t at all interested in whether anyone buys their wares. They will, in fact, keep minting money even if you never click on any of the spam emails. How? They simply feed off other spammers in a bizarre cannibalistic pyramid scheme of spinning money.

    The math is simple: most spammers make money selling email addresses to other spammers, who then sell those same addresses to others and so on, say security experts.

The numbers game: According to a study by IronPort Systems, Cisco’s security division, the spam volume currently stands at a whopping 98 billion per day worldwide. And it has been growing at 12% month over month since June 2007.

    “And why ever not? It makes you a lot of easy money. Spam masters make $10,000+ a week,” said Ambarish Deshpande, regional director, IronPort Systems, adding, “and they don’t do anything except mine for more and more legitimate addresses and sell them for money.”

    Obviously then, the profession is gaining popularity with young hackers, especially those in third world countries. The study found that the internet had an entire sub-industry supported by spammers alone. For instance, a test conducted on pharmaceutical spammers showed that four days of access to a spam server network, which simply gives you an infrastructure to dish out spam, gives these professionals $6,800.

    The study also found that replying to spam will always result in more spam. In fact, you would find that most spammers never even reply to your requests for more information on their product or service. That’s because they make money on customers’ email addresses, which are sold to other spammers who in turn simply pass the addresses along to still other spammers.

    Funnily, some of these addresses finally also land with actual legitimate businesses: people with a real product to sell who are actually interested in selling it. Since there are several layers to this spam scam, most of these legitimate business people don’t even know that the recipient hadn’t requested their sales pitch, because whoever sold them the email addresses in the first place had assured them the recipients wanted the information.

Hidden risks: The biggest number, of course, was found to be that of spam mails with offers for pornography, which consistently delivered exactly the sort of materials they promised. But even these came with nasty pop-up ad-producing spyware, and the inbox was crammed with X-rated spam that would singe the retinas of all but the most jaded viewer. Worse, they opened up a backdoor to the computers with various codes that did everything from copying important data from your PC to turning your PC into a zombie that delivered more spam to random addresses all over the world.

    However, if this has led you to think you are safe because you never fell into the trap of clicking on those emails with pornographic content, think again. According to a Google study conducted in May 2007, “One in 10 web pages are infected with malicious code. 70% of web-based infections were found on ‘legitimate’ websites. An estimated 5% of heavily trafficked websites have some sort of threat associated with them—ranging from adware to malicious spyware.”

    For instance, on Indian websites, malicious content was found embedded in sites like Delhi Tourism (www.delhi-tourism-india.com/culture), www.zeeinternational.co.in, Business Management Association (www.bmaindia.com) and also some well-known banks that have since taken down the culprit script, said a security professional from one of the top security companies.

Scam spam: Finally, there is a good percentage of spam messages that obviously still turn out to be brilliant scams. One such example IronPort Systems came across was where the ads spoke about a Canadian pharmacy. This sold a $129.95 bottle of the ‘Erection pack’, which consisted of two packs of sexual stimulants, ‘viagra’ and ‘cialis’. The best part was a slick legitimate-looking pharmacy site called ‘My-CanadianPharmacy’. This came with a legitimate address and ‘contact us’ sections.

    The spammers had not only gone to the trouble of making a legitimate-looking website, but had also actually set up a delivery system which was traced back to a garage in India. A small-time company in India was hired to package some tablets that were crammed with enough herbal stimulants to keep a person generally charged up for days. The package even included the return address of this place in Goregaon, Mumbai.

    “It was a brilliant business strategy because this way the spammers actually made the customers believe that they were on to something legitimate and got repeated business from them,” said Deshpande.
