Spam accounts for a large portion of the email exchange on the Internet. In addition to being a nuisance and a waste of costly resources, spam is used as a delivery mechanism for many criminal scams and large-scale compromises. Most of this spam is sent using botnets, which are often rented for a fee to criminal organizations. Even though there has been a considerable corpus of research focused on combating spam and analyzing spam-related botnets, most of these efforts have had a limited view of the entire spamming process. In this paper, we present a comprehensive analysis of a large-scale botnet from the botmaster's perspective that highlights the intricacies involved in orchestrating spam campaigns, such as the quality of email address lists, the effectiveness of IP-based blacklisting, and the reliability of bots. This is made possible by having access to a number of command-and-control servers used by the Pushdo/Cutwail botnet. In addition, we study Spamdot.biz, a private forum used by some of the most notorious spam gangs, to provide novel insights into the underground economy of large-scale spam operations.
@inproceedings{Stone-Gross2011The_Underground,
  title = {{The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-scale Spam Campaigns}},
  author = {Stone-Gross, Brett and Holz, Thorsten and Stringhini, Gianluca and Vigna, Giovanni},
  booktitle = {Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats},
  series = {LEET},
  month = {March},
  year = {2011},
  address = {Berkeley, CA, USA},
  pages = {4--4},
  publisher = {USENIX Association},
  url = {http://dl.acm.org/citation.cfm?id=1972441.1972447}
}