Twenty-nine percent of Internet users have purchased goods from spam e-mails, according to new research by Internet security company Marshal. The most commonly purchased items include sexual enhancement pills, software, adult material and luxury items such as watches, jewellery and clothing.
Marshal's research, which asked: 'What purchases have you made from spam?' attracted 622 responses, with 29.1% indicating that they had made purchases. The poll showed the proportion of spam purchases had risen when compared to a similar Forrester Research poll from 2004, which surveyed 6 000 active Web users and reported 20% had made purchases from spam.
"The poll highlights an inconvenient truth," said Marshal Vice-President of Products, Bradley Anstis. "Many of us often question ourselves, why is there so much spam? The answer is, enough people are purchasing products from spam to make it a worthwhile and profitable endeavour for spammers.
"Spam is commonly believed to attract very low response rates. Estimates indicate there are often less than 10 purchases made for every million spam messages sent. But most of these messages are blocked by spam filters. This means the actual response rates are much higher if you only count those e-mails that make it into a person's inbox."
Marshal's mid-year Internet security report, compiled by its TRACE (Threat Research and Content Engineering) security team, indicates that global spam volumes doubled for the year ending June 2008.
"Industry estimates vary, but the consensus is that more than 150 billion spam messages circulate daily and regularly account for more than 85% of all e-mails," continued Anstis. "The problem is enormous and it is only getting worse. Spam consumes bandwidth and resources, costs recipients time and money and it has become one of the Internet's biggest security problems now that spammers have turned their hand to distributing malware as well."
Despite perceived low response rates, spammers have made substantial profits and continue to exponentially increase the volume of spam they send. This increase has largely been made possible by the advent of botnets, which have revolutionised the spam industry. Botnets are networks comprised of thousands of infected personal computers, controlled remotely by criminals. They have enabled spammers to push down their costs through economies of scale and eliminated the need for spammers to host their own spam servers as they simply take control of other people's computers instead. Recent FBI prosecutions of bot-herders and investigations of message-boards used by spammers, suggests the going rate for spammers to send a million spam messages is as little as US$5 - $10.
"Spam has become a mainstream means of advertising for restricted or counterfeit goods due to strong demand from Internet users. Many of us don't consider spam to be a legitimate marketing practice, but the products that people are buying aren't legitimate. There is a huge market for cheap goods that are otherwise expensive or hard to come by via legitimate means," explained Anstis.
Spam is big business. The criminal syndicates operating the major botnets are well financed, highly organised and dominate the market. Marshal's research indicates that just five botnets account for 80% of the world's spam.
"The syndicates hire software developers to create the bot code for them. These bots are sophisticated, well made, and highly resilient against security products trying to remove them. The criminal developers make use of the latest tools and vulnerabilities and they are not governed by the rules and restrictions that legitimate software developers work by. This freedom gives them an advantage over anti-malware vendors," commented Anstis.
According to Marshal, companies that want to use spam to market their products work through an elaborate network of front companies and middle-men to rent services from one or multiple botnet syndicates. The criminal syndicates behind the botnets generate revenue by renting out spamming time on their botnet to unethical marketing companies. The larger botnets can make upwards of US$150 000 in service revenue per day.
"A common misconception is that 'regular' people don't buy from spam. But, you have to consider the types of products people are buying. It's pirated software, knock-off watches, counterfeit designer goods, cheap drugs and prescription medicines, pornography and other adult material. The Internet provides convenience and a degree of anonymity to people who want to buy illegal or restricted goods. It is a black market and spam has become a conventional means of advertising to a willing audience of millions of people who are purchasing from spam."
Marshal's Web site poll indicates that the number of respondents who admitted to making a purchase through spam have made multiple purchases; on average, more than two different types of purchase per person. This supports the conclusion that those who buy from spam make a habit of it.
"The other way to look at this situation is from a spammer's perspective. There are approximately 250 million people out there who are interested in these kinds of products and have made purchases from spam in the past. That's equivalent to double the population of Japan mixed in with every other Internet user. As a spammer - how do you reach that market without knowing specifically who these people are and with the bare minimum of expense? Easy, send lots of e-mails to everyone," concluded Anstis.
Share