Nov 14, 2008
Seriously. According to joint study by security researchers, Storm botnet can create as much as $ 3.5M of revenue per year. It was definitely one of the most ingenious research and analytical papers I have read so far.
In order to measure effectiveness of spam campaigns, researchers joined Storm botnet with bots that were used to conduct MITM attack on Storm itself. These bots changed spam campaigns slightly and redirected targets of spam campaign (users) to servers controlled by researchers. These servers mimicked websites of spammers and counted number of visitors and number of actual victims who fell for the scams and provided their information (credit card number, social security number, etc.). If the results are correct, spam campaigns are effective in less than 0.00001% of cases. This number is indeed extremely low, but if you consider size of the Storm and number of emails that it sends every day, you get to more interesting numbers ranging from $7000 to $9500 of revenue per DAY.
I left out few interesting details so if you have some time, consider reading the whole paper (12 pages).
In order to measure effectiveness of spam campaigns, researchers joined Storm botnet with bots that were used to conduct MITM attack on Storm itself. These bots changed spam campaigns slightly and redirected targets of spam campaign (users) to servers controlled by researchers. These servers mimicked websites of spammers and counted number of visitors and number of actual victims who fell for the scams and provided their information (credit card number, social security number, etc.). If the results are correct, spam campaigns are effective in less than 0.00001% of cases. This number is indeed extremely low, but if you consider size of the Storm and number of emails that it sends every day, you get to more interesting numbers ranging from $7000 to $9500 of revenue per DAY.
I left out few interesting details so if you have some time, consider reading the whole paper (12 pages).
0 comments:
Post a Comment