It may be temporary, but it feels good.
A victory on the endless battle against spammers was notched this week when McColo, a California hosting company, was switched off by Global Crossing and Hurricane Electric, the companies that provision it.
SC Magazine says that the news was originally reported by The Washington Post's Brian Krebs. He said the host which is associated with pharmaceutical and kiddie porn spammers, botnet command and control activities and other folks you wouldn't want moving in next door was shut down on November 12. The drop off in spam was noticeable, which is understandable considering the fact that the company is credited with trafficking as much as 75 percent of worldwide spam.
The story ends on a down note. The writer says spam levels are likely to rebound. The same sort of dip was noted after InterCage was shut down earlier this autumn. Spam reverted to earlier levels a few days later, according to the SC Magazine piece.
In a subsequent Washington Post post, Krebs uses a cool flow chart to deconstruct what McColo was accused of doing. The piece provides perspective on how much damage just one rotten apple can do to the Internet cart. Krebs links to a variety of source material, much of which is good fodder for experts. The takeaway, however, is clear: The bad guys are extraordinarily well organized and victories are likely to be fleeting.
Earlier this month and before the McColo news I discussed the latest trends in spam with Dermot Harnett, principal analyst for Antispam Engineering at Symantec. The takeaway is that spam is going nowhere, that purveyors of the bogus messages are extremely agile and topical jumping from a focus on the economy to Barack Obama and to other newsworthy events and that holiday spam is starting in earnest. Spam as a percentage of total e-mail is down a bit, but the reason may be that the overall amount of e-mails increases as the holiday shopping season starts. Thus, the same amount of spam will represent a lower portion, though the total number remains the same.
A constant refrain from people is, Who would be dumb enough to fall for a spam ad? The answer is not many, but enough to make it worthwhile. Bruce Schneier links to a paper that extrapolated on results deduced from a small part of the Storm botnet. The paper, which is titled Spamalytics: An Empirical Analysis of Spam Marketing Conversion, was written by five researchers from the Department of Computer Science and Engineering at the University of California and two from the International Computer Science Institute.
The writers said that the piece they infiltrated, which focused on pharmaceutical spam, generated 28 sales of almost $100 each in 26 days, covering almost 350 million e-mails. Revenue was $2,731.88. The pharmaceutical spam, if extrapolated over the continually expanding botnet, would generate about $3.5 million per year.
The authors warn against assuming that the small slice examined is representative of the entire botnet. The bottom line, though, is that the lack of expense to the sender makes even paltry results pay off, assuming the botnet grows big enough. Indeed, this reinforces the fact that though there will be victories in this long war, they will be short-lived and do little real damage to the nefarious industry.