http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9027299
By Jeremy Kirk
July 18, 2007
IDG News Service
"Ed," a retired spammer, built a considerable fortune sending e-mails
that promoted pills, porn and casinos. At the peak of his power, Ed says
he pulled in $10,000 to $15,000 a week, storing the money in $20 bills
in stacks of boxes.
It was a life of greed and excess, one that preyed especially on
vulnerable people hoping to score drugs or win money gambling on the
Internet. From when he was expelled from high school at 17 until he quit
his spam career at 22, Ed -- who does not reveal his full name but
sometimes goes by Spammer-X -- was part of an electronic underworld
profiting from the Internet via unsolicited commercial e-mails.
"Yes, I know I'm going to hell," said Ed, who spoke in London today at
an event hosted by IronPort Systems Inc., a security vendor owned by
Cisco Systems Inc. "I'm actually a really nice guy. Trust me."
Quick-witted and affable, and sporting an earring, there was a time when
Ed wasn't so nice. He sent spam to recovering gambling addicts enticing
them to gambling Web sites. He used the e-mail addresses of people known
to have bought anti-anxiety medication or antidepressants and targeted
them with pharmaceutical spam.
In short, Ed said he was "basically what people hate about the
Internet."
He spent 10 hours a day, seven days a week studying how to send spam and
avoid filtering technologies in security software designed to weed out
garbage e-mail. Most spam filters are effective 99% of the time. Ed
aimed for that remaining window, using tricks such as including slightly
different images in his spam, which can fool filters into thinking the
e-mail is legitimate.
"The better I got at spam, the more money I made," Ed said.
He would start a spam run by finding an online merchant who wanted to
sell a product. Then he'd acquire a list of e-mail addresses, another
commodity that has spawned its own market in the world of spam. He'd
also set up a domain name, included a link in a spam message that, if
clicked, would redirect the recipient to the merchant's Web site,
enabling Ed to get credit for the referral.
The spam would then be sent from a network of hacker-controlled
computers, called botnets. Those machines are often consumer PCs
infected with malicious software that a hacker can control. Ed would
"rent" time on those computers from another group of hackers who
specialized in creating botnets.
If one of the spam recipients bought something, Ed would get a
percentage of the sale. For pharmaceuticals, the commission was around
50%, he said.
Response rates to spam tend to be a fraction of 1%. Ed said he once got
a 30% response rate for a campaign. The product? A niche type of adult
entertainment: photos of fully clothed women popping balloons.
To track the money, merchants set up a "referral sales page" where
spammers can see how much they make from a spam run. Ed would log in
frequently, watching the money increase. He was paid into electronic
payment transfer accounts, such as e-gold or PayPal, or into his debit
card account, which he could cash out in $20 bills.
That was a problem when the cash became voluminous. He says he made
$480,000 in his last year of spamming. But the lifestyle of being a
spammer was taking a toll. In essence, he had no life.
It's hard to go into a bar and explain your job to a woman by saying, "I
advertise penis enlargement pills online," Ed said. "It doesn't go down
very well."
He rationalized his actions by saying spamming is not like robbing
someone, although the lurid impact of spam was clear. Some 9 million
Americans have some dependence on prescription drugs, Ed said, and he
noticed that the same people were buying different drugs each month.
"These were addicts," he said.
In addition, he said, "the product is always counterfeit to some degree.
If you're lucky, sometimes it's a diluted version of the real thing."
Viagra is cut with amphetamines, and homemade pills are common from
sketchy labs in countries such as China, India and Fiji, Ed said.
So Ed got out of the business. He has written a book, Inside the Spam
Cartel: Trade Secrets from the Dark Side [1] (Syngress, 2004), which he
said has drawn interest among law enforcement officials eager to learn
more about the spam business, which he predicted will only get worse.
As broadband speeds increase, spammers will increasingly try to market
goods by making voice-over-IP calls or sending out videos, Ed said. The
ultimate unsolvable problem is users who continue to buy products
marketed by spammers, making the industry possible.
"I think in 10 years, we'll still get spam," Ed said. "Be prepared to be
bombarded."
[1] http://www.amazon.com/exec/obidos/ASIN/1932266860/c4iorg
Received on Thu Jul 19 00:30:57 2007