January 02, 2009, The Computer Corner, Idiots and nitwits respond to spam, By Charles Miller

The Computer Corner
Idiots and nitwits respond to spam
By Charles Miller January 2, 2009 San Miguel de Allende

A study project carried out in early 2008 by computer scientists from University of California, Berkeley and UC San Diego (UCSD) has provided some answers to a question every computer technician struggles to understand. The question is: “Who are the blithering idiots who respond to spam email?”

Assistant Professor Stefan Savage of UCSD, along with a team of seven scientists, managed to take over a part of the Storm network for the purposes of their study. The Storm network is made up of infected home computers of unsuspecting users who are unaware that their personal computers are being used without permission to send out millions of spam emails. At its height, Storm was believed to have more than one million infected machines under its control. The machines taken over by the researchers had already been infected by the spammers.

“The best way to measure spam is to be a spammer,” wrote the researchers. To this end, the researchers hacked into the command and control system for Storm and gained access to 75,869 hijacked PCs through which they were then able to route their own spam emails.

The research team created a fake but legitimate-looking pharmacy site which always returned an error message when potential suckers clicked a button to submit their credit card information. With this fake website ready, the researchers sent out 350 million email messages in 26 days. Only 28 gullible nitwits came to the website and tried to enter their credit card numbers. Incredibly, spammers are turning a profit despite only getting one response for every 12.5 million spam emails they send out, a response rate of less than 0.00001 percent. Compare that to the 2-percent response reported by legitimate direct mail organizations.

The researchers calculated that their fake website might have generated revenues of US$2,732, or about $100 a day for the time the study was in effect. From this sampling the researchers extrapolate that real spammers might be netting an estimated $7,000 per day.

Though unwanted spam email costs internet providers millions to handle and costs all of us hours of lost productivity, the spammers are actually making very little profit.

News reports of this study give me reasons for hope. Meager profits and dependence on stealing the use of infected computers means the spam industry is vulnerable. Because only 28 dupes are enough to make the junk mail industry profitable, they might also hold the key to choking the spam monster. Now we know that spammers have to send out 12.5 million emails to find just one sucker. If only a small number of responders could be stopped, the effects might be enough to take the profits from the spammers and put them out of business for good.

The most important data that could have come out of this study is missing from all the news reports I have read. If only 28 fools are out there supporting the spam industry, give us their names, addresses and phone numbers!

Please, if you know one of these 28, do your part to combat spam and find a way to stop them. Disconnect their internet access! Pry some of the keys off their keyboard! Use scissors on their credit cards. Help them get a life! Help save the rest of us from being buried with spam.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 044-415-101-8528 or email FAQ8 (at) SMAguru.com.