Meet Average-Joe Spammer
Tom Spring, PC World
Tip of the MonthWatch Out for Holiday-Related Scams. Phishers love the
holiday season because they view the boost in online shopping as an
opportunity: The security firm AppRiver reports that spam volumes
nearly double over the holidays. Be particularly on guard for e-mail
messages that purport to come from your credit card company or your
favorite online merchant.
It's tough being an average-Joe spammer these days. Divorced and in
his 40s, Mike has two kids to help support, a skyrocketing home
heating bill, and a mortgage. And spamming just isn't paying the bills
like it used to.
In the heyday of his spamming career, from 1997 to 2000, profiting
from sending out unsolicited bulk e-mail was easy, Mike says. On an
average month he made $40,000 pelting millions of inboxes with
spam. Now, he complains, spam filters have become too effective and
block most of his e-mail. Also, he adds, spamming for a living has
become increasingly risky, as evidenced by recent arrests of--and
fines imposed on-spammers. He himself is currently being sued by a
large ISP for using illegal methods for sending spam, he says.
"Spamming becomes a little more unprofitable and a little more
high-risk every day," says Mike, who agreed to be interviewed on
condition that his real name be withheld. "I don't know why I still do
it."
In fact, spam is no longer Mike's sole, or even principal, source of
income. He now works in construction by day and devotes only 20 hours
a week at night to spam.
And because of the lawsuit, Mike has changed the nature of his
activities. He makes $500 a week by selling lists of IP addresses for
compromised computers, sometimes called zombie PCs -- systems that
have been hijacked by a hacker so that they can be used to send
spam. The people who own these computers (which can be in homes or
businesses) have no idea their PCs are being used for such
purposes. By routing junk e-mail through these PCs, spammers can hide
their identity and can also save money on the bandwidth required to
send large volumes of e-mail.
Mike either buys the lists of compromised PCs from hackers and fellow
spammers, or he gets them free from sites run by spammers, such as the
Russian-based FreeProxy.RU. Once he gets a list, he checks the
validity and quality of the addresses, weeding out those that don't
respond or that have been put on spam blacklists. He then sells the
"cleaned" lists of zombie PCs to other spammers.
Mike is one of the thousands of spammers in the world who make up the
majority of junk e-mail purveyors. "There are only a few dozen spammers
worldwide that are making 90 percent of the spam profits," he says.
"The rest of the bulk e-mailers are people like me."
After I found Mike through a Web site where spammers meet and share
tips, he agreed to a phone interview. Here is an edited transcript of
that conversation.
Interview With a Spammer
Q: Don't you think what you do is wrong?
A: I don't care what people think. If nobody was really interested in
spam and never bought anything that was advertised to them, spam would
go away. But people are interested in spam. As long as people buy
things advertised in spam then people like me will send bulk
e-mail. Are we really that different from so-called legitimate bulk
e-mailers? I don't think there is a whole lot of difference.
Q: Why don't you send bulk e-mail legally? The Controlling the Assault
of Non-Solicited Pornography and Marketing Act [the federal law
regulating unsolicited bulk e-mail] allows you to.
A: You are correct. CAN-SPAM created a lot of opportunity for
spammers. However, playing by the rules is too risky, and it's bad
for business. Here is what I mean.
The only way spammers can sneak by an ISP's anti-spam filter these
days is by tricking spam filters. The techniques to trick anti-spam
filters are illegal, according to CAN-SPAM -- not to mention a growing
number of state anti-spam laws. To get past spam filters you can't
play by the rules.
Those illegal spammers who try to go legit are finding themselves in
court for violating different anti-spam laws. CAN-SPAM was great
because there was one law to abide by for sending bulk e-mail. Now
ISPs and states are coming after us. If you want to be sure you don't
end up in a court, don't let them find you.
Q: Are anti-spam laws and better filters working to stop spammers?
A: Yes. Today big ISPs block e-mail from suspicious sources. They
filter out spam based on e-mail addresses, words, links in the e-mail,
pictures, or anything. For people like me it's just not worth it
anymore. However, this forces a lot of spammers to send more spam.
In the old days you could earn, say, $1000 by sending out 20,000 spam
messages. Today, to earn $1000, you have to send out 2 million spam
messages or more.
The better filters get, the more determined we will get. It's not as
if spammers really want to break the law. It's just that we are
looking for any edge possible to get past the filter. Right now we are
targeting smaller ISPs that don't have a lot to spend on good spam
filters.
Q: So why spam, if it's getting riskier and less profitable?
A: Good question. For me, it's what I know how to do. And I just would
hate to give up. It's like admitting defeat. But I am planning on
quitting this spring.
Q: How did you make money when you were actually sending out spam?
A: For me it was mortgage and debt consolidation leads. For every
person that called a mortgage broker based on my e-mail I would earn
between $22 and $26. Dating sites would pay me $2 for every trial
membership I brought them, and $15 for anyone who joined.
Q: What does the future of spam look like for average-Joe spammers?
A: Not good. The capital investment in computers and software required
to make it worth the risk is enormous. A lot of people younger than me
are spamming. But for a lot of people like myself, it's no longer easy
money. We are throwing in the towel.
Q: So you are seeing a changing of the spam guard, so to speak?
A: Here is the deal. Spammers make money through advertising. And
spammers today are diverse. They work with adware; they control
botnets of computers; they are virus writers. Today's spammers don't
just want to sell you Viagra; they want to trick you to into handing
over your credit card number, or infect your system and turn it into a
zombie.
Q: Will spam ever go away?
A: Spam will never go away. Filters may get better and more spammers
may get arrested, but there will always be spammers. We adapt. I don't
know what the next great spamming technique will be. But I can promise
you spammers are working on it right now.
As I said before, so long as people click on spam and buy things
advertised in their inboxes, spam will exist.
Copyright 2005 PC World Communications, Inc.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, PC World Communications, Inc.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
Tom Spring (pcworld@telecom-digest.org)