Another quick hit here: Just saw this story about how the spammer economy actually works. Apparently, researchers at UCSD hijacked a hijacker’s network – the “Storm” zombienet that uses Trojans in unprotected home computers to send out the “V1@gr@” and “h00d1@” spam messages. Their paper on “spamalytics” is here. 
The number that jumps out right away: while running their own spam network, the researchers found that they only made one sale of cut-rate pharmaceuticals for every 12.5 million messages they sent out. That’s a response rate of .00001%.
This is interesting to me for a couple of reasons.
- It shows that successful business can operate and earn a profit on the web, even if their response rate is vanishingly small.
This is interesting, in light of the continued problems of big business to understand the concept of niches, rather than tossing out bland lowest-common-denominator pablum.
- The amount of money being made by the spammers is far, far lower than popular culture would have it.
Hey, these were the guys running the dreaded “Storm” bot-net. In popular imagination, they were an army of greasy-haired Eastern European thugs; dressing in trench coats and trailing a platoon of vicious former Spetsnaz killer commandos.
In reality, the amount of money they’re making relative to the amount of work they’re having to put in, is actually rather pathetic. They are having to demonstrate Mad Spamming Skills just to scrape off a tiny, tiny sliver of revenue. Those kinds of skills, put in to a more legitimate arena, would earn them far more money.
It’s like seeing someone with the skills of Shaq grifting tourists down at the basketball courts in Venice for pocket change, rather than making $121 million in the NBA. Not sure what’s at work with these guys…
And finally, and possibly most importantly:
The research shows that even a small perturbation in the spamcosystem can have a massive effect on their revenues and business models.
This could mean the end of spam as we know it.
Look, these clowns are hanging on by their fingernails. Even a small, incremental improvement in internet security – cutting down on the numbers of infected zombie ‘bots, f’rinstance. Or better router & packet sniffing, to bounce back spam messages.
If they have to send out 500-some-million messages to get back enough responses to survive on – well, if you make sure that they don’t even get those responses back … the spammers will be put out of business very, very quickly. Or as the BBC put it:
Scaling this up to the full Storm network the researchers estimate that the controllers of the vast system are netting about $7,000 (£4,430) a day or $3.5m (£2.21m) per year.
While this was a good return, said the researchers, it did suggest that spammers were not making the vast sums of money that some people have predicted in the past.
They suggest that the tight costs might also open up new avenues of attack on spammers.
The researchers concluded: “The profit margin for spam may be meager enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defenses.”
And BTW – may I just say to the guys at UCSD: kudos. Really. Someone there thought creatively. The way the guys who wrote “Freakonomics” did – they went behind the scenes and did the pick’n’shovel work to figure out how something really worked, and they came up with data that contradicted the conventional wisdom.
From one renegade researcher & unconventional thinker to another: well done, sirs. Technorati Tags: Spam, UCSD, botnets, Storm, hijacking
Finally someone addresses a question that I’ve never heard answered for over a dozen years. Now what they need to do is find that one in a gazillion person who actually responds to spam and intends to actually send money and find out WHY!
Well, that one in a gazillion person is unfortunately not as rare as we’d all like to hope (pretend). Examples of much larger-scale foolishness abound: the sub-prime lending crisis, cigarette smoking, and the 25% of the population that’s still using IE 5.0 come to mind…
What stuns me is the availability of targets for this kind of bilking in a “down” economy … although I guess the economic crisis does kinda incentivize people who are looking for even better deals, ways to save just a little bit more money. The fact that they seem to ignore the larger issue of whether or not they wind up getting totally ripped off seems to be outweighed by the short-term gain.
There’s a reason why the whole “Buy now-Pay later” meme has caught on so well … at all levels, from the individual, to the collective (see $11 TRILLION federal deficit).