Page 2 of 3   <       >

How Does So Much Spam Come From One Place?

Evidence collected by anti-spam groups strongly suggests that not only was McColo hosting major gateways for the sending of spam, but it also was home to the most world's most aggressive e-mail address harvesting services.

In the underground spam economy, e-mail addresses are a valuable commodity, as they represent both the beginning and end points of any junk e-mail operation. Spam distribution lists typically are assembled using automated computer programs, or "bots," that continuously trawl millions of Web sites much the way that search engines do -- scouring them for e-mail addresses.

The addresses are then sold to spam networks, which use them as not only the destination for their junk e-mail, but also as the apparent source -- by "spoofing" the messages to make them appear as though they were sent by real, live e-mail users.

In many cases, those responsible for harvesting e-mail addresses are not the same people sending the spam, but rather individuals who will sell the lists to known spam operators.

Matthew Prince, chief executive of Unspam Technologies and founder of Project Honey Pot, a collaborative effort that secretly gathers intelligence about the world's largest spam networks, has tracked the spam harvesting bots hosted at McColo for more than two years.

Project Honey Pot's free technology, which is deployed at more than 20,000 Web sites, tries to track these crawler bots by assigning a unique "spam trap" e-mail address to each participating site. The dummy addresses are designed to be difficult for humans to find but very easy for the bots to gather. The project's software then records the Internet address of any visitor and the date and time of the visit. Because those addresses are never used to sign up for e-mail lists, the software can help investigators draw connections between harvesters and spammers if an address generated by a spam trap or "honey pot" later receives junk e-mail.

Prince said statistics from Project Honey Pot suggest that crawler bots hosted at McColo are responsible for more than 30 million spam messages sent to the project's e-mail traps since June 2006.

"And our spam traps constitute a tiny fraction of the e-mail addresses in the world," Prince said.

The project estimates that each e-mail address harvested by bots at McColo could expect to receive an additional 2,000 junk e-mail messages a year as a result. Such activity could have major implications for businesses that list large numbers of employee e-mail addresses on their Web sites.

"Consider what this activity means for, say, a single law firm that publishes on its site the e-mail addresses for each of its 50 attorneys," Prince said. "After the firm's site gets crawled by the bots at McColo, that means that firm can expect to receive at least 100,000 more pieces of spam than it would have otherwise."

While there are hundreds of millions of e-mail addresses already registered, spammers need every address they can get their hands on because such a tiny percentage of people who receive the messages actually buy anything from them.

A study by University of California researchers released in October estimated that the criminals behind the Storm worm -- which powered a botnet once responsible for sending about 20 percent of all spam -- made on average between $7,000 and $9,000 a day sending pharmaceutical spam. But the Storm worm purveyors had to send prodigious amounts of spam to gin up a single customer: The researchers found that while only about 1 in every 12 million spam e-mails turned into a sale, that was enough to keep the spammers in business.

<       2        >

© 2008 The Washington Post Company