Spam remains profitable, but only just

One of the more fascinating things you can think about when you're bored is why the spam is so different depending on where you have accounts. Perhaps I'm just lucky, but I get very little spam through my ISP. Mostly, it's just to persuade me to buy Viagra and other more obviously fake ways of producing sexual enhancement. I suppose the way I trawl the web to find stories to write about here sells my name as someone desperate to find a way of overcoming sexual inadequacy. But when it comes to Gmail, my inbox is more evenly divided between Viagra and gambling sites. And then come the Yahoo accounts (I have several for different purposes). Almost without exception, I am flooded by the Nigerian scam mail. It seems the spammers target different user groups depending on the mail servers they use.

A research team based at the University of California has been digging into the problem - it's completely fascinating to see how some research teams spend their time. Anyway, this team decided to try estimating how much money the spammers made out of persuading people to buy Viagra. Their guess? $3.5 million a year.

How did they come up with this number? Well, like cunning hackers, they wormed their way into the Storm botnet. For the uninitiated among you, this is one of the control centers for all those hacked computers around the world. Storm lets you send out millions of e-mails. To monitor responses, they set up two websites of their own to promote. One offered to sell Viagra. The other was designed to mimic infecting users with Trojans - the same little bits of code that allow spammers to hijack machines in the first place. Both were actually harmless but counted the traffic and downloaded benign bits of code.

Now comes the exciting bit. They sent out almost 470 million e-mails. Of these, 350 million promoted the Viagra site; 10,500 people responded, and 28 attempted to buy Viagra in quantities worth more than US$100. So the low conversion rate did not mean low profits. By scaling up this hit rate, the research team arrived at their annual estimate for gross revenue. But it's actually quite expensive to send out all this spam, so the only way the operation pays is if the spammers also run the sites they promote. The infection site was more efficient, converting an average of 6,000 PCs a day to clones.

OK, so now that you know who to blame for some of that spam you have been receiving, you can all get your own back by e-mailing the research team, which is based at the campuses at Berkeley and San Diego.