Click Trajectories: End-to-End Analysis of the Spam Value Chain

This paper is awesome:

Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise’s full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email— including naming, hosting, payment and fulfillment—using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.
Tags: ,

5 Responses:

  1. Lloyd says:

    But were the drugs any good?

    Clearly, they need a biochemist coauthor.

  2. Art Delano says:

    Great comment from one of the people on the project, in which one of the spammers phones him to investigate a pattern of suspicious purchases.

    • jwz says:

      That is fantastic!

      "Had you told me when I came to grad school in computer science that I would be buying drugs, carrying burner phones and answering phone calls as names like 'Sanjoy Sanchez,' I probably would not have believed you. "

  3. Sploggle says:


    Mass spec analysis showed that the correct active ingredient was present in roughly the same concentration in the pills we ordered compared to the store-bought brand version of the drug

  4. Keith says:

    NPR interview. "Spamalytics"!

    May 26, 2011
    Robert Siegel speaks with Stefan Savage, a computer science and engineering professor at the University of California, San Diego. Savage is a co-author of a new study that looks at why 95 percent of credit card transactions for spam-advertised products are processed by only three financial companies — and what this information can do to help stop spam.