Spam accounts for a large portion of the email exchange on the Internet. In addition to being a nuisance and a waste of costly resources, spam is used as a delivery mechanism for many criminal scams and large-scale compromises. Most of this spam is sent using botnets, which are often rented for a fee to criminal organizations. Even though there has been a considerable corpus of research focused on combating spam and analyzing spam-related botnets, most of these efforts have had a limited view of the entire spamming process. In this paper, we present a comprehensive analysis of a large-scale botnet from the botmaster's perspective that highlights the intricacies involved in orchestrating spam campaigns, such as the quality of email address lists, the effectiveness of IP-based blacklisting, and the reliability of bots. This is made possible by having access to a number of command-and-control servers used by the Pushdo/Cutwail botnet. In addition, we study Spamdot.biz, a private forum used by some of the most notorious spam gangs, to provide novel insights into the underground economy of large-scale spam operations.
@inproceedings{Stone-Gross2011The_Underground,
title = {{The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-scale Spam Campaigns}},
author = {Stone-Gross, Brett and Holz, Thorsten and Stringhini, Gianluca and Vigna, Giovanni},
booktitle = {Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats},
series = {LEET},
month = {March},
year = {2011},
address = {Berkeley, CA, USA},
pages = {4--4},
publisher = {USENIX Association},
url = {http://dl.acm.org/citation.cfm?id=1972441.1972447}
}