Feeds

Spamming for Dummies

A cautionary tale

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Let's call him Stan. Our entirely fictitious character begins his work day, as many of us do, by opening his email client and checking for new messages. As usual, a few legitimate emails are hidden amongst a deluge of spam, one of which catches his eye.

‘2 Million Email Addresses for $19.95’

Already a keen businessman, Stan doesn't take long to realise that the designer jewellery he's selling from his website could move off the shelves a lot faster if he could reach two million people with each advertisement.

Within half an hour Stan has bought a list of two million unique email addresses, 50 per cent of which are verified live accounts. Accounts that are known to be live are worth more to the soon-to-be spammer as they are known to have a human at the receiving end reading the incoming email. From the same site Stan purchases a piece of software labelled as a powerful bulk email sender with which he can hawk his wares.

While designed with the novice in mind, the spamming software is slightly beyond Stan’s level and it takes some time for him to master. Stan sees this as time well spent of course, but with each mistaken stab, hundreds of blank or malformed emails are sent to unwitting recipients.

Pausing at this late stage to read the help file for his newly-purchased software, Stan realises it will take some time for the software to send two million emails, and the first spam run is best saved for evening when Internet dialup costs are at their lowest.

Spammer in training

By the end of the week Stan is able to assess the success of his first spam run. At this point he does not consider himself a spammer and hasn’t yet considered how his marketing efforts are adding to the spam tsunami.

A quick calculation tells Stan he received a tiny response rate: only 0.03% of the people he emailed actually bought something. But even with such a poor response, he generated a healthy profit. Stan feels very happy with himself and starts researching how best to increase his future spam runs.

In the following weeks Stan’s list of email addresses grows considerably. He now owns software that will search the Web for new addresses, software to sort his lists and eliminate duplicates and software to verify if email accounts are still active.

Unfortunately for our spammer-in-training, it doesn’t take long for his Internet Service Provider to notice the deluge of emails he is sending and they cut him off, politely reminding him that spammers are not allowed on their network.

Luckily for Stan, though, he has got to know some more prolific spammers through the spam-specific chatrooms. They advise him on some of the more spam tolerant ISPs available overseas, some self- proclaimed ‘bullet proof hosting’ companies based in China that will allow him to send spam and which operate software to aid him in his advertising efforts.

Reducing the cost and complexity of web vulnerability management

Next page: The Untouchable

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.