Study: Viagra spam is profitable, but margins are tight

Spam sent by the Storm network could be generating up to $3.5 million per year in revenue a year for pharmaceutical product sales.

One of the most notorious networks of hacked computers used for sending spam could be generating as much as US$3.5 million per year peddling drugs such as Viagra, according to new research.

While filters used by e-mail providers Yahoo, Google and Microsoft halt a vast amount of spam, messages squeak through and reach receptive buyers.

The study was carried out by infiltrating the Storm botnet, a robust peer-to-peer system that commands millions of hacked computers to send spam campaigns.

The researchers modified Storm's command-and-control system to insert their own links in spam messages that lead to Web sites they created instead of the one's spammers were advertising.

One of the Web sites advertised pharmaceuticals, and the other mimicked an e-postcard site. E-postcard spam often leads to Web sites that try to infect PCs with malicious software that causes the machines to send Storm-related spam.

Both sites the researchers created were harmless: The drug site would return an error if someone tried to buy something, and the e-postcards site contained a benign executable. The sites reported attempted purchases and whether the executable ran.

The researchers monitored how many messages reached inboxes and whether the messages lead to a purchase or infected a PC with malware.

Over the course of the spam campaigns, some 469 million e-mails were sent. Of the 350 million pharmaceutical messages, 10,522 users visited the site, but only 28 people tried to make a purchase, a response rate of .0000081 percent.

"However, a very low conversion rate does not necessarily imply low revenue or profitability," the researchers wrote.

The average purchase price was $100. Calculating how much pharmaceutical spam Storm sends out daily, revenue could top US$7,000 per day. Per year, revenue would hit US$3.5 million.

"This number could be even higher if spam-advertised pharmacies experience repeat business," they wrote.

Still, sending spam is expensive. It would cost upwards of US$25,000 to send 350 million messages, which is too much to likely make a profit on the conversion rate observed.

The researchers said it suggests a business model where those running the Storm botnet are also involved in running the drug Web sites.

"If true, the hypothesis is heartening," they wrote. "It suggests that the third-party retail market for spam distribution has not grown large or efficient enough to produce competitive pricing."

The upshot is that spammers and Storm network operators may be working on tight margins in order to make a profit, and their campaigns are "economically susceptible to new defenses," the study said.

The response rate to spam luring people to e-postcard sites was higher. The researchers estimated that a Storm self-propagation campaign, which seeks to infect new PCs to maintain the network, could result in 3,500 to 8,500 new bots per day.

The research was done by the computer science departments of the University of California at its Berkeley and San Diego campuses.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags storm wormspam

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?