Wednesday, July 30, 2008

Dissecting a Managed Spamming Service

With cybercrime getting easier to outsource these days, and with the overall underground economy's natural maturity from products to services, "managed spamming appliances" and managed spamming services are becoming rather common. Increasingly, these "vendors" are starting to "vertically integrate", namely, start diversifying the portfolio of services they offer in order to steal market share from other "vendors" offering related services like, email database cleaning, segmentation of email databases, email servers or botnets whose hosts have a pre-checked and relatively clean IP reputation, namely they're not blacklisted yet.



How much does it cost to send 1 million spam emails these days? According to a random spamming service, $100 excluding the discounts based on the speed of sending desired, namely 10-20 per second or 20-30 per second. Let's dissect the service, and emphasize on its key differentiation factors, as well as the customerization offered in the form of a dedicated server if the customer would like to send billions of emails :



"-- High quality and percentage of spam delivery 

-- Fast speed of delivery

-- Spam database on behalf of the vendor, or using your own database of harvested emails

-- Easily obtainable and segmented spam databases on per country basis

-- Randomization of the spam email's body and headers in order to achieve a higher delivery rate

-- Support for attachments, executables, and image files



The cost - $100 for a million for letters delivered spam, with the large volume of spam discounts 20% -30% -40% based on the value-added Do-it-yourself customer interfare based on a multi-user botnet command and control interface :

 


-- Automatic RBL verification

-- Support for many subjects, headers,

-- Total customization of the email sending process

-- Autogenerating junk content next to the spammers email/link in order to bypass filtering

-- Faking Outlook Message ID / Boundary / Content-ID

-- Interface added. Now do not necessarily understand all the features into the system to start the list.

-- Convenient management tasks.

-- A high percentage of punching, on the basis of good europe - 40-60% (For the United States - less because there aol and others).

-- Improved metrics, whether or not the emails have been sent, lost, unknown receipt, or have been RBL-ed



With the weight of a billion - even discounts and the possibility of making a personal server. "



Rather surprising, they state that European email users have a higher probability of receiving the spam message compared the U.S due to AOL. What they're actually trying to say is due to AOL's use of Domain Keys Identified Mail (DKIM). As far as localization of the spam to the email owner's native language is concerned, this segmentation concept has been take place for over an year now.



This service, like the majority of others rely entirely on malware infected hosts, which due to the multi-user nature of most of the malware command and control interfaces, allows them to easily add customers and set their privileges based on the type of service that they purchase. This leaves a countless number of opportunities for targeted spamming, and yes, spear phishing attacks made possible due to the segmentation of the emails based on a country, city, even company.



In the long term, the people behind spamming providers, web malware exploitation kits and DIY phishing kits, will inevitably start introducing built-in features which were once available through third-party services. For instance, hosting infrastructure for the spam/phishing/live exploit URLs, or even managed fast-flux infrastructure, have the potential to become widely available if such optional features get built-in phishing kits, or start getting offered by the spamming provider itself. And since the affiliate based model seems to be working just fine, the ongoing underground consolidation will converge providers of different underground goods and services, where everyone would be driving customers to one another's services and earning revenue in the process.

No comments:

Post a Comment