|
Pharmaceutical spam can generate
more than $4,000 per day in sales, confirming that
spam continues to thrive because of those gullible
few who click through and ruin it for the rest of
us. And that's not just an estimate: a security
researcher from Sophos have combed through sales
logs as part of his investigation into the growth of
spam networks, noting that Russian affiliate partner
networks—also known as "partnerka"—are responsible
for some of the largest Canadian pharmacy spam
businesses.
Dmitry Samosseiko's report, "The
Partnerka — what is it, and why should you care?"
(PDF) focuses largely on these Russian networks and
how they drive traffic, advertising, and more. Not
surprisingly, online pharmaceuticals tend to be a
very popular affiliate business, with one of the
largest being one called GlavMed. GlavMed itself
claims to be strongly anti-spam, but it has a sister
company called "SpamIt," a private group of e-mail
spam affiliates that researchers suspect are also
behind the Storm, Waledec, and Conficker botnets.
Samosseiko discovered a
wide-open PHP backend to GlavMed that contained
evidence that the company is indeed set up to
benefit largely from spammers. This involves
e-commerce software for spammers to launch their own
GlavMed copies or to simply set up domains that
redirect to GlavMed. Additionally, some of the
documents Samosseiko discovered were sales records,
giving a glimpse into the purchasing behavior of
GlavMed's targets.
According to the sales records
from GlavMed, there were apparently more than 20
purchases per day per spam campaign, with GlavMed
claiming a 40 percent commission on each sale. With
an average purchase of around $200, that adds up to
over $4,000 total per day per campaign (or $1,600
for GlavMed). As you can imagine, that total easily
multiplies if more than one spam blast is run per
day thanks to different affiliates, and it continues
to skyrocket when we consider how many different
online pharmacies exist that benefit from spam,
including Stimul-cash.com, Rx-partners, Rxcash.biz,
Evapharmacy, Rx-Signup.com and DrugRevenueget.
Clearly, the amount of cash
being made makes spamming a worthwhile
investment—even a small percentage of users making
purchases can result in big returns. Earlier this
year, the Messaging Anti-Abuse Working Group (MAAWG)
released a report stating that 52 percent of e-mail
users had clicked on a spam e-mail, with
12 percent of those doing so because they were
actually interested in the product or service
being offered. "Although a small percentage of the
computing population, these numbers still earn a
significant enough return on investment to support a
booming spam-driven underground economy," wrote
MAAWG.
|
