Another quick hit here: Just saw this story about how the spammer economy actually works. Apparently, researchers at UCSD hijacked a hijacker’s network – the “Storm” zombienet that uses Trojans in unprotected home computers to send out the “V1@gr@” and “h00d1@” spam messages. Their paper on “spamalytics” is here.

The number that jumps out right away: while running their own spam network, the researchers found that they only made one sale of cut-rate pharmaceuticals for every 12.5 million messages they sent out.  That’s a response rate of .00001%.

This is interesting to me for a couple of reasons.

  1. It shows that successful business can operate and earn a profit on the web, even if their response rate is vanishingly small.

     This is interesting, in light of the continued problems of big business to understand the concept of niches, rather than tossing out bland lowest-common-denominator pablum.

  2.  The amount of money being made by the spammers is far, far lower than popular culture would have it.

Hey, these were the guys running the dreaded “Storm” bot-net. In popular imagination, they were an army of greasy-haired Eastern European thugs; dressing in trench coats and trailing a platoon of vicious former Spetsnaz killer commandos.

In reality, the amount of money they’re making relative to the amount of work they’re having to put in, is actually rather pathetic.  They are having to demonstrate Mad Spamming Skills just to scrape off a tiny, tiny sliver of revenue.  Those kinds of skills, put in to a more legitimate arena, would earn them far more money. 

It’s like seeing someone with the skills of Shaq grifting tourists down at the basketball courts in Venice for pocket change, rather than making $121 million in the NBA.  Not sure what’s at work with these guys…

And finally, and possibly most importantly:

The research shows that even a small perturbation in the spamcosystem can have a massive effect on their revenues and business models.

This could mean the end of spam as we know it.

Look, these clowns are hanging on by their fingernails. Even a small, incremental improvement in internet security – cutting down on the numbers of infected zombie ‘bots, f’rinstance.  Or better router & packet sniffing, to bounce back spam messages.

If they have to send out 500-some-million messages to get back enough responses to survive on – well, if you make sure that they don’t even get those responses back … the spammers will be put out of business very, very quickly. Or as the BBC put it:

Scaling this up to the full Storm network the researchers estimate that the controllers of the vast system are netting about $7,000 (£4,430) a day or $3.5m (£2.21m) per year.

While this was a good return, said the researchers, it did suggest that spammers were not making the vast sums of money that some people have predicted in the past.

They suggest that the tight costs might also open up new avenues of attack on spammers.

The researchers concluded: “The profit margin for spam may be meager enough that spammers must be sensitive to the details of how their campaigns are run and are economically susceptible to new defenses.”

And BTW – may I just say to the guys at UCSD: kudos.  Really.  Someone there thought creatively. The way the guys who wrote “Freakonomics” did – they went behind the scenes and did the pick’n’shovel work to figure out how something really worked, and they came up with data that contradicted the conventional wisdom. 

From one renegade researcher & unconventional thinker to another: well done, sirs. Technorati Tags: , , , ,