Thursday, September 25, 2008

250k of Harvested Hotmail Emails Go For?

$50 in this particular case, however, keeping in mind that the email harvester is anything but ethical, this very same database will be sold and re-sold more times than the original buyer would like to know about. Moreover, what someone is offering for sale, may in fact be already available as a value-added addition to a managed spamming service.

With metrics and quality assurance applied in a growing number of spam and phishing campaigns, filling in the niche of email harvesting by distinguishing between different types of obfuscated emails by releasing an easily embeddable module, was an anticipated move. What's to come? Spam and malware campaigns across social networks "as usual" will propagate faster thanks to the ongoing harvesting of usernames within social networks, that would later on get imported in Web 2.0 "marketing" tools targeting the high-trafficked sites and automatically spamming them.

From a spammer's perspective, geolocating these 250k emails could increase their selling prices since the buyers would be able to launch localized attacks with messages in the native languages of the receipts. Is the demand for quality email databases fueling the developments of this market segment, or are the spammers self-serving themselves and cashing-in by reselling what they've already abused a log time ago? That seems to be the case, since there's no way a buyer could verify the freshness of the harvested emails database and whether or not it has already been abused.

For the time being, we've got several developed and many other developing market segments within spamming and phishing as different markets with different players. On one hand are the legitimately looking spamming providers offering "direct marketing services" working with lone spammers who find a reliable business partner in the face of the spamming vendor whose customers drive both side's business models. On the other hand, you've got the spammers excelling in outsourcing the automatic account registration process, coming up with ways to build a spamming infrastructure -- already available as a module to integrate in managed spamming services -- using legitimate services as a provider of the infrastructure.

Despite that the arms race seems to be going on at several different fronts, spammers VS the industry and spammers VS spammers fighting for market share, the entire underground ecosystem is clearly allocating a lot of resources for research and development in order to ensure that they are always a step ahead of the industry.

Related posts:
Harvesting Youtube Usernames for Spamming 
Thousands of IM Screen Names in the Wild
Automatic Email Harvesting 2.0
Dissecting a Managed Spamming Service
Managed Spamming Appliances - the Future of Spam
Inside an Email Harvester's Configuration File
Segmenting and Localizing Spam Campaigns
Shots from the Malicious Wild West - Sample Four