

Equation: How Much Money Do Spammers Rake In? - gatsby
http://www.wired.com/magazine/2011/02/st_equation_spamprofits/

======
Udo
> _G = E x M x D x F x V x B x P_

It's the Drake equation for spam! $7000/day is not too shabby, either...

------
waitwhatwhoa
Hi guys, I worked with Julie in writing this article. I'd be happy to answer
any questions you have about the work. I was indeed inspired by the Drake
equation in coming up with this interpretation of our results :)

If you'd like to learn more about this experiment, the Wired article is based
off of: <http://cseweb.ucsd.edu/~savage/papers/CACMSpam09.pdf>

~~~
jamesshamenski
Was this a technically difficult operation to undertake? How long did it take
to plan and execute? I'm assuming that it's not that tedious of a task to
scale and automate.

In going through this exercise were you able to come up with ideas to combat
spam more effectively?

~~~
waitwhatwhoa
I wouldn't say it was incredibly technically difficult; the worst parts were
probably reverse engineering the somewhat funky custom encoding that the
botmaster was using for the C&C communication, and then writing the custom
router software to allow us to rewrite live TCP flows (we used Click:
<http://read.cs.ucla.edu/click/click>).

We first started experimenting with the storm botnet about six months before
doing this experiment. Once we realized what their architecture allowed us to
do (MITM on the botnet's C&C), it probably only took a month or two to put
together the infrastructure needed to conduct the experiment. Scaling to more
nodes would have been relatively trivial, as the VMs running the Storm nodes
were completely unmodified and we could have easily brought more online behind
our flow-modifying router if necessary.

A colleague of mine did come up with one idea called "botnet judo" (paper
here: <http://www.cs.ucsd.edu/~voelker/pubs/judo-ndss10.pdf>) whereby we run
spamming bots within a contained environment that "seems" to have SMTP
connectivity but actually just sinkholes all the spam, and then we developed
highly effective and specific regular expressions from each bot's spam corpus.
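
The idea in the comment above (derive a specific regular expression from a contained bot's own output), as an added sketch that is not part of the thread and is not the algorithm from the linked paper. It assumes every sample comes from one template and aligns token-for-token; the sample messages and all function names are constructed for illustration.

```python
import re

TOKEN = re.compile(r"\w+|\s+|[^\w\s]+")   # words, whitespace runs, punctuation runs

# Constructed samples standing in for mail captured from one sinkholed bot.
SAMPLES = [
    "Hi kate, get 80% off meds today http://shop-a1b2.example/buy?id=4821",
    "Hi tom, get 80% off meds today http://shop-9f3c.example/buy?id=17",
    "Hi maria, get 80% off meds today http://shop-77aa.example/buy?id=903311",
]

def _generalise(column):
    """Regex fragment for one aligned token position across all samples."""
    if all(t.isspace() for t in column):
        return r"\s+"
    if len(set(column)) == 1:
        return re.escape(column[0])            # invariant text stays literal
    lo, hi = min(map(len, column)), max(map(len, column))
    if all(t.isdigit() for t in column):
        cls = r"\d"
    elif all(re.fullmatch(r"\w+", t) for t in column):
        cls = r"\w"
    else:
        cls = r"\S"
    return "%s{%d,%d}" % (cls, lo, hi)         # variable field: bounded class

def infer_signature(samples):
    """Return a compiled regex that matches the template shared by `samples`."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to tell fixed from variable text")
    rows = [TOKEN.findall(s.strip()) for s in samples]
    if len({len(r) for r in rows}) != 1:
        raise ValueError("samples do not align token-for-token")
    sig = re.compile("".join(_generalise(col) for col in zip(*rows)))
    # Sanity check: a signature that misses its own training data is useless.
    missed = [s for s in samples if not sig.fullmatch(s.strip())]
    if missed:
        raise ValueError("signature fails on %d training samples" % len(missed))
    return sig

if __name__ == "__main__":
    print(infer_signature(SAMPLES).pattern)
```

Because invariant tokens are kept literal and variable ones are bounded by observed length and character class, the signature stays narrow enough to avoid matching ordinary mail that merely shares a greeting or a URL.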

~~~
jamesshamenski
Wow, that's really great. Thanks for the insight!

Was this project done as a thesis paper or was there an alternative purpose
for undertaking such a long project? I'm pretty impressed with the execution
of your team.

~~~
waitwhatwhoa
I wouldn't consider it "a thesis paper," but this project will eventually be
part of my PhD thesis. Overall I would just say that we just seized the
opportunity and wrote a decent paper. I, too, am impressed with our team and
certainly would be nowhere without it. Glad you've enjoyed our work!

------
jemka
I never understood why email servers never adopted something like the 3-way-
handshake, which ultimately would increase the bandwidth and processing power
required per email. It would theoretically make bot-nets easier to find and
protect against. However, I admittedly don't know much about the industry, so
there's probably a simple answer.

~~~
kooshball
I don't really follow what you're saying. Why do you think a 3 way handshake
would make any difference here? Why would it make bot-nets easier to find?

~~~
jemka
Spam is a numbers game. If you make it harder for spam messages to be sent
out, spammers 1. send less spam by default 2. increase hardware. (realize 2
can also include increased cost if not using a "free" bot-net)

If all SMTP servers were required to receive and send back a token/packet
before their original message was delivered, the bandwidth/cpu etc. required
to send the message will have increased.

Send original to recipient server, receive from recipient server, send to
recipient server. Then the mail is delivered.

Example: A single spammer can send out 50 million emails / month on current
system. Introduce a 3-way & that number drops.

If the spammer wants to get back to sending 50 million / month, a significant
increase in hardware will be required.

~~~
silentbicycle
In my experience, spamd (<http://www.openbsd.org/cgi-bin/man.cgi?query=spamd>)
is remarkably effective, and its greylisting works by requiring a
request/response before the first valid transmission.
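
The greylisting behaviour mentioned in the comment above, as an added sketch (not spamd's code and not part of the thread): an unknown sender tuple gets a temporary failure and is accepted only if it retries after a minimum delay. The class name, timing values and sample events are assumptions constructed for illustration.

```python
TEMPFAIL = "451 4.7.1 greylisted, retry later"
ACCEPT = "250 2.0.0 ok"

class Greylist:
    """Decision table keyed on (client IP, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=25 * 60, grey_expiry=4 * 3600, white_expiry=36 * 86400):
        self.min_delay = min_delay        # retry sooner than this: still deferred
        self.grey_expiry = grey_expiry    # retry later than this: start over
        self.white_expiry = white_expiry  # how long a passed tuple stays trusted
        self.seen = {}                    # key -> {"first": t, "passed": t or None}

    def check(self, ip, mail_from, rcpt_to, now):
        key = (ip, mail_from.lower(), rcpt_to.lower())
        entry = self.seen.get(key)
        if entry and entry["passed"] is not None:
            if now - entry["passed"] <= self.white_expiry:
                entry["passed"] = now     # active senders stay whitelisted
                return ACCEPT
            entry = None                  # whitelist entry aged out
        if entry is None or now - entry["first"] > self.grey_expiry:
            self.seen[key] = {"first": now, "passed": None}
            return TEMPFAIL               # first contact, or retry window missed
        if now - entry["first"] < self.min_delay:
            return TEMPFAIL               # immediate re-send, typical of bulk senders
        entry["passed"] = now
        return ACCEPT                     # queued and retried like a real MTA

# Constructed events: (time in seconds, client IP, MAIL FROM, RCPT TO).
EVENTS = [
    (0,     "203.0.113.7",   "promo@bulk.example",  "alice@corp.example"),
    (0,     "198.51.100.20", "bob@partner.example", "alice@corp.example"),
    (10,    "203.0.113.7",   "promo@bulk.example",  "alice@corp.example"),
    (1800,  "198.51.100.20", "bob@partner.example", "alice@corp.example"),
    (1900,  "198.51.100.20", "bob@partner.example", "alice@corp.example"),
    (18000, "203.0.113.7",   "promo@bulk.example",  "alice@corp.example"),
]

def replay(events):
    """Run events through a fresh Greylist and return the SMTP reply codes."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in events]

if __name__ == "__main__":
    for event, code in zip(EVENTS, replay(EVENTS)):
        print(event[0], event[1], code)
```

The sender that queues and retries inside the window is accepted from its second attempt onward, while the one that re-sends after ten seconds or comes back after the window has closed never gets past the 451.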

------
hammock
"Then the researchers calculated an estimate of how much money the spammer
grossed per day: about $7,000."

That's great, but gives me absolutely no context to answer the actual
question, "How much do spammers rake in." Is 7K high, low or average for a
spammer? What's the total revenue of all spammers? How many spammers are
there? What is a spammer - an organization of 10, 20, 100 people, or is it one
guy?

------
ique
I'm more interested in ad-spam than this kind of botnet fraud spam.

For instance, if I built a twitter bot replying to anyone saying "iPad" with a
link, then the page at the end of that link was absolutely filled with ads.
How much money would I make?

It seems to be a somewhat viable method of getting some cash because you see a
lot of those bots around.

------
light3
0.238 * 0.000127 * 100 * 1700000 * 550 * 0.093 * 0.266 = 7000

So they assume 90.7% of messages get caught by spam filters.

Apparently they send out around 1 billion emails, 23.8% of which get
delivered. Around 2600 people read the emails, and a quarter of them will
spend an average of $100.

------
aidscholar
I hate how the article doesn't mention any numbers / metrics except for the
final dollar value.

~~~
brendino
Check the graphic below the article. It's got most of the numbers.

