The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns

Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, Giovanni Vigna

USE­NIX Work­shop on Lar­ge-Sca­le Ex­ploits and Emer­gent Thre­ats (LEET), Boston, MA, March 2011


Spam accounts for a large portion of the email exchange on the Internet. In addition to being a nuisance and a waste of costly resources, spam is used as a delivery mechanism in a number of different criminal scams and large-scale compromises. Most of this spam is sent using botnets, which are often rented for a fee to criminal organizations. Even though there has been a considerable corpus of research focused on combating spam and analyzing spam-related botnets, most of these efforts have had a limited view of the entire spamming process. In this paper, we present a comprehensive analysis of a large-scale botnet from the botmaster’s perspective, that highlights the intricacies involved in orchestrating spam campaigns such as the quality of email address lists, the effectiveness of IP-based blacklisting, and the reliability of bots. This is made possible by having access to a number of command-and-control servers used by the Pushdo/Cutwail botnet. In addition, we study, a private forum used by some of the most notorious spam gangs, to provide novel insights into the underground economy of large-scale spam operations.


tags: spam, underground economy