Hi,

Whenever the topic of spam comes up, the suggestion always arises that people "follow the money" to track the spammers. Sometimes, it is true, that will be useful, but it takes a rather naive approach to the spammer's business model.

In many cases, spammers don't actually need to *deliver a product or service* to the person they are spamvertising to make money from sending spam.

Some spammers make their money via banner advertising revenues: if they can get you to visit one of their pages (even an "unsubscribe" page), they can get "hits" for some advertising program and make money from you.

Or consider pump-and-dump stock tout spam... no direct product or service needs to be delivered to a spammee for the spammer to make money, assuming he can use spam to run the stock price up and the SEC doesn't jump on traders with unusual purchase and sale patterns.

In some cases, the spammer's scheme is outright fraud: one of the reasons that penis enlargement spam (or spam for Viagra or other "embarrassing"-to-purchase products) is so common is that spammers are counting on people being too embarrassed to admit that they (a) fell for a scam, and (b) that they were dumb enough to send cash to some PO Box in Romania, and (c) that they needed the particular product that was being spamvertised in the first place.

Likewise spam for pay-per-view cable descramblers/theft of service devices and other illegal/semi-illegal products: if your pay-per-view theft of service cable descrambler provider fails to deliver a functioning theft-of-service device for your use, who are you going to complain to, the police?

It is also worth noting that in many cases people are providing their name, credit card number, and expiration date to some random server hosted somewhere in China, hmm, whaddya think, any possibility of fraud taking place? I could make fifty bucks selling some fake human growth hormone, or thousands charging stuff on a steady stream of live credit card numbers. If I had to point at the most common way to make money from spam these days, I'd bet on credit card fishing...

But even routine credit card fraud pales in comparison to the costs associated with trying to regain your financial identity after it has been completely co-opted following provision of complete financial details to some "mortgage referral specialist..."

And then there are the pr0n "dialer" dudes, who offer "free" access to their pr0n site, you "just" need to use their special software (which calls a 900 number somewhere in the Caribbean for $15.00/minute, and/or sends more spam for them).

Lastly, there are plenty of spam service providers who make money from selling email addresses, selling spam software, selling spam hosting services, you name it... in fact, some of the largest American carriers are *perfectly* willing to provide connectivity for spamvertised web sites so long as the spam doesn't actually get sent from that connectivity (and with hundreds of thousands of open proxies out there, well, there's no need for a spammer to be that gauche!)

If you want to stop spam, take the time to see where spamvertised web sites are being hosted, and who's providing transit for those hosts. I've been doing this for a while now, and I can *definitely* see some pretty obvious patterns.

I guess those transpacific OC3s and OC12s for "strategic" customers are just too lucrative to risk jeopardizing with trifles like enforcing terms of service...

Regards,

Joe
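The survey described in the message above (where spamvertised sites are hosted and who provides transit for them), sketched as an added example that is not part of the original post. The spam bodies, DNS answers, route table and AS numbers are all constructed placeholders; a real run would substitute live resolution and routing data.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed spam bodies; example.* hostnames are placeholders.
SPAM_SAMPLES = [
    "Refinance today! http://loans.example.com/apply?id=77",
    "Order http://pills.example.net/buy or http://pills.example.net/remove",
    "Hot stock tip: http://picks.example.org/ now",
    "Free access: HTTP://Loans.Example.com/dialer.exe",
]
# Constructed DNS answers (RFC 5737 documentation addresses).
RESOLVED = {"loans.example.com": "192.0.2.10",
            "pills.example.net": "192.0.2.200",
            "picks.example.org": "198.51.100.7"}
# Constructed routes: prefix -> (origin AS, transit AS); RFC 5398 AS numbers.
ROUTES = {"192.0.2.0/24": ("AS64496", "AS64500"),
          "192.0.2.128/25": ("AS64497", "AS64500"),
          "198.51.100.0/24": ("AS64498", "AS64501")}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def spamvertised_hosts(bodies):
    """Return the set of lower-cased hostnames advertised in the bodies."""
    hosts = set()
    for body in bodies:
        for url in URL_RE.findall(body):
            host = urlsplit(url).hostname  # hostname is already lower-cased
            if host:
                hosts.add(host)
    return hosts

def lookup_route(ip, routes=ROUTES):
    """Longest-prefix match of ip against the route table, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [p for p in routes if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return routes[max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)]

def tally(bodies, resolved=RESOLVED):
    """Count spamvertised hosts per origin AS and per transit AS."""
    origins, transits = Counter(), Counter()
    for host in spamvertised_hosts(bodies):
        route = lookup_route(resolved[host]) if host in resolved else None
        origin, transit = route or ("unknown", "unknown")
        origins[origin] += 1
        transits[transit] += 1
    return origins, transits
```

On the constructed data, `tally(SPAM_SAMPLES)` spreads the three hosts over three origin networks, but two of them sit behind the same transit AS, which is the kind of pattern the per-transit count brings out.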
Joe,

While I agree with all of your points individually, I would say that only one of them doesn't work for 'following the money'. This one being the pump-and-dump. Everything else involves a sale of some sort -

Secondly, I had stated that a two-pronged approach needs to be followed. Not only following the money, but technical tracking as well - the problem here being that some of the spammers seem to not stay in one place long enough to be tracked.

Regards,

Lars

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Joe St Sauver
Sent: Wednesday, June 18, 2003 6:58 AM
To: nanog@merit.edu
Subject: Spam and "following the money"
On Wed, 18 Jun 2003, Lars Higham wrote:
Joe,
While I agree with all of your points individually, I would say that only one of them doesn't work for 'following the money'. This one being the pump-and-dump. Everything else involves a sale of some sort -
Send those to "enforcement@sec.gov". They work quietly and in the background, but they carry an impressive mallet.

--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
On Thu, 19 Jun 2003, Jay Hennigan wrote:
On Wed, 18 Jun 2003, Lars Higham wrote:
Joe,
While I agree with all of your points individually, I would say that only one of them doesn't work for 'following the money'. This one being the pump-and-dump. Everything else involves a sale of some sort -
Send those to "enforcement@sec.gov". They work quietly and in the background, but they carry an impressive mallet.
I prefer to call it a cluestick but whatever floats your boat will work. :) I especially like option number 5 under "SECURITY THREATS" in man 8 syslogd.

Additional reporting addresses:

FDA
webcomplaints@ora.fda.gov
Send all food and drug (pharmaceuticals) complaints here, i.e., weight-loss products, sexual stimulants and enhancements, etc.

FTC
uce@ftc.gov
Bounce *all* spam here. Period.

SEC
enforcement@sec.gov
Send all stock scams here.

Pyramid/Ponzi scams
fraud@uspis.gov, pyramid@ftc.gov
Send these jewels to these folks if they use the USPS.

Nigerian Money Scams/419 Scams
419.fed@usss.treas.gov
Send these to the US Secret Service. Also, if you're feeling bored and want to give a 419 scammer the run around, respond to them with your telephone number ((202) 406-5850) and fax number ((202) 406-5031). Tell them how overjoyed you are to be helping them with their financial problems. Take note that the numbers above are for the United States Secret Service, Financial Crimes Division. :)

It is my understanding that some people send their 419 complaints to the Nigerian Police at these addresses: fpro@nigeriapolice.org, 419@nigeriapolice.org

It was my understanding that the many actual members of the Nigerian government are involved in these scams so YMMV and of course I could be wrong.

Justin
Joe makes some excellent points. I have started to use the Spamcop service to help get abuse reported through the right channels. I suspect that it doesn't actually shut many people down, but it does help increase awareness of open proxies and other misbehaviors.

When medical spam comes in (offering a service that I may or may not need - I leave those to your imaginations), I will often forward to the State Attorney General under the following argument. If I need the item being offered then the mechanism by which they have notified me is not one that I have specifically opted in to as required by HIPAA. If I don't need it then it is purely SPAM and contravenes those laws.

I have only just started this approach, but I quite like it. My early morning session with SpamCop proves quite cathartic!

Chris
participants (5)
- Christopher Bird
- Jay Hennigan
- Joe St Sauver
- Justin Shore
- Lars Higham