Legitimate Research Disguised as Spam Campaign
Ever wondered how much money there is to be made from spam-based marketing? A study recently conducted by researchers from Berkeley and UC San Diego shows that you need to send out vast amounts of spam if you want to make a profit. A profit of two million dollars for example can be attained if in one year the spammer manages to send out billions of messages, and someone is gullible enough to answer to them of course. To put it simply, there is lots of money to be made, but the work you have to put into it is even greater.
Seven researchers from the two universities mentioned above managed to infiltrate the Storm botnet and ran an experiment to see how profitable spam really is. They set up two spam campaigns and let them run for a period of 26 days – the first campaign emulated the Storm infection; the second was a phishing page that advertised herbal medicine (for erectile dysfunctions and for libido problems). Just to keep things legit the researchers set up the site so that it would prompt an error message when users would attempt to hand over credit card details.
As it turns out, there are people that will buy into spam messages (literally). A grad total of about 469 million spam messages were sent out (about 350 million related to the pharmacy spam campaign), and while most people were security oriented enough to ignore them, 28 people actually placed an order for the advertised herbal male enhancement medicine. The orders placed by these 28 users amounted to $2,731.88, which is to say that the spam campaign earned around $100 per day.
The lesson that we all must learn from this study is that spam campaigns, even though they manage to get an incredibly low response rate (somewhere in the vicinity of 0.00001%), are incredibly cheap to run and have the potential to churn out a profit. If you have a large enough botnet and you manage to convince people to purchase your fake goods, you can earn money through spam. The only way that spam will come to a halt is if running such campaigns becomes a financially unsound decision.
Seven researchers from the two universities mentioned above managed to infiltrate the Storm botnet and ran an experiment to see how profitable spam really is. They set up two spam campaigns and let them run for a period of 26 days – the first campaign emulated the Storm infection; the second was a phishing page that advertised herbal medicine (for erectile dysfunctions and for libido problems). Just to keep things legit the researchers set up the site so that it would prompt an error message when users would attempt to hand over credit card details.
As it turns out, there are people that will buy into spam messages (literally). A grad total of about 469 million spam messages were sent out (about 350 million related to the pharmacy spam campaign), and while most people were security oriented enough to ignore them, 28 people actually placed an order for the advertised herbal male enhancement medicine. The orders placed by these 28 users amounted to $2,731.88, which is to say that the spam campaign earned around $100 per day.
The lesson that we all must learn from this study is that spam campaigns, even though they manage to get an incredibly low response rate (somewhere in the vicinity of 0.00001%), are incredibly cheap to run and have the potential to churn out a profit. If you have a large enough botnet and you manage to convince people to purchase your fake goods, you can earn money through spam. The only way that spam will come to a halt is if running such campaigns becomes a financially unsound decision.
