Several years ago, getting into the spam business used to involve the process of harvesting emails, figuring out ways to segment the database, localize the spam campaign by using a free translation service eventually ruining the social engineering effect, creating your very own botnet and coming up with creative ways to bypass anti-spam filters, ensuring the botnet remains operational, coming up with ways to obtain access to IPs with clean reputation, with little or no campaign effectiveness measurement at all..
These relatively higher market entry barriers are long gone. Today, every single step in the spamming process is managed and can be outsourced in a cost-effective manner to the point where the one-stop-shop spam vendors have vertically integrated and occupied every single market segment possible in order to increase the "lifetime value" of their potential customers.
When do you know that it's going to get uglier in the long term? It's that very special moment in time when the backend for such a managed spam system utilizing malware infected hosts and legitimate servers for achieving its objectives, goes mainstream and its authors remove the "proprietary, high-profit margin revenues earning business model" label from it.
And with this particular moment in time already a fact since the middle of 2008 (Spamming vendor launches managed spamming service), yet another new market entrant is pitching its managed spam service with the ambition to monetize his access to a particular botnet, and break-even from the investment made in the backend system.
With 9 different campaigns already finished (see the top screenshot) and another one currently in progress spamming out 3215 emails using 1672 infected hosts based on a harvested email database consisting of 306204 emails (notice the percentage of non-existent emails potentially spam-poison traps), his business model is up and running.
Further developments and new features within the service would remain under close monitoring in the future as well. In particular, the original vendor's updates which would ultimately affect all of his "value-added partners" improved managed spamming capabilities.
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Monday, March 09, 2009
Inside (Yet Another) Managed Spam Service
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment