Researchers Take Over Storm Botnet To Study How Spam Works

A group of researchers has taken over a spam network to understand how junk mailing works, and the results were rather startling.

The team of computer scientists from the University of California, Berkeley and UC San Diego (UCSD) infiltrated the Storm network over a period of four weeks and took control of more than 75,000 zombie PCs, mostly home computers.

These were then used to send spam emails pointing to a purpose-built fake pharmaceutical online store complete with pseudo-Viagras and other similar products. Only one out of every 12.5 million emails sent out converted into a lead.

Out of the 350 million messages sent over 26 days, 28 sales were made at an average cost of $100 each. That's a conversion rate of less than 0.00001 per cent, around 10,000 times less than what you would expect from a legitimate mail.

By extrapolating that number to the estimated size of the Storm network, they worked out that spamming could generate at least £2.3 million per annum (or in other words, 35,000 victims).

Before destroying the part of Storm they controlled, the researchers also ran a fake spam campaign, sending nearly 123 million emails, that aimed at testing the way Storm acquires new zombie computers through malware dissemination.

The research actually shows a number of interesting things. Firstly, it is easy enough for computer researchers to hijack part of Storm, so why didn't they take it down altogether?

Secondly, it remains to be seen whether, even as researchers, what they did was legal, as they did not ask for users' permission before spamming their inboxes. Thirdly, it shows that the average web user is properly protected (using tools like web filters) and knows when an email is spammy or not.

Lastly, business must be booming as profits after operating costs must be small enough to make spamming interesting for these criminals.
