The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-scale Spam Campaigns

Authors

Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, Giovanni Vigna

Venue

Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), March 2011

Abstract

Spam accounts for a large portion of the email exchange on the Internet. In addition to being a nuisance and a waste of costly resources, spam is used as a delivery mechanism for many criminal scams and large-scale compromises. Most of this spam is sent using botnets, which are often rented for a fee to criminal organizations. Even though there has been a considerable corpus of research focused on combating spam and analyzing spam-related botnets, most of these efforts have had a limited view of the entire spamming process. In this paper, we present a comprehensive analysis of a large-scale botnet from the botmaster's perspective, that highlights the intricacies involved in orchestrating spam campaigns such as the quality of email address lists, the effectiveness of IP-based blacklisting, and the reliability of bots. This is made possible by having access to a number of command-and-control servers used by the Pushdo/Cutwail botnet. In addition, we study Spamdot.biz, a private forum used by some of the most notorious spam gangs, to provide novel insights into the underground economy of large-scale spam operations.

BibTeX

@inproceedings{Stone-Gross2011The_Underground,
  title     = {{The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-scale Spam Campaigns}},
  author    = {Stone-Gross, Brett and Holz, Thorsten and Stringhini, Gianluca and Vigna, Giovanni},
  booktitle = {Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats},
  series    = {LEET},
  month     = {March},
  year      = {2011},
  address   = {Berkeley, CA, USA},
  pages     = {4--4},
  publisher = {USENIX Association},
  url       = {http://dl.acm.org/citation.cfm?id=1972441.1972447}
}