Spam Campaigns Hosted on Single Web Server Capping Scam Earnings
Computer scientists at the University of California, San Diego (UCSD), issued a report on August 6, 2007, which says that the infrastructure used to distribute spam is 'strikingly different' from the infrastructure used to gather victims' responses. The net outcome is that a single Web server collects the responses to an individual spam campaign.
The scientists studied a spam feed over a period of one week using recent Internet monitoring approaches that UCSD developed. They analyzed Web servers hosting Internet scams, some of which used phishing, rootkits, or spyware to defraud users and others that offered goods or services like pharmaceuticals, mortgages or luxury watches.
Based on an analysis of more than 1 million spam mails, the research found that 94% of the link-advertised scams were hosted on a single Web server.
There may be numerous relay agents to send out countless spam mails, but the campaign uses only one server to collect responding recipients' requests. Use of a single server by a scam or use of a spammer redirect could reduce the spam campaign's earning potential, said the computer scientists at UCSD. Vnunet.com reported this on August 7, 2007.
The scientists noted the locations of the servers and captured screenshots of the destination Web pages of the spam URLs. On the basis of these screenshots, they classified the scams into groups with the help of a technique known as "image shingling".
This approach judges the similarity of Web pages using the images rendered in a browser instead of the URL text, the HTML source, or the contents of the spam mail. Scammers design their Websites only with images, which helps them evade detection mechanisms by foiling the latter's techniques.
With the help of this method, the computer scientists detected the scams across different servers and domains and reported on shared and distributed infrastructure, longevity, location and stability.
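The grouping step described above can be sketched as follows. This is an added example, not the UCSD researchers' code: the block size, the 0.4 threshold, the similarity measure, the grayscale byte-grid representation and the `.example` host names are all assumptions, and the screenshots are constructed data.

```python
import hashlib

BLOCK = 4        # assumed tile edge in pixels
THRESHOLD = 0.4  # assumed share of common tiles that marks two pages as one scam

def fake_page(seed, n=256):
    """Constructed 16x16 grayscale 'screenshot' (deterministic filler bytes)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}{i}".encode()).digest()
        i += 1
    return out[:n]

def shingles(pixels, width, block=BLOCK):
    """Hash every block x block tile of a row-major screenshot."""
    out = set()
    for top in range(0, len(pixels) // width - block + 1, block):
        for left in range(0, width - block + 1, block):
            rows = [pixels[(top + r) * width + left:(top + r) * width + left + block]
                    for r in range(block)]
            out.add(hashlib.sha1(b"".join(rows)).hexdigest())
    return out

def similarity(a, b):
    """Fraction of tiles shared, relative to the smaller page."""
    return len(a & b) / min(len(a), len(b)) if a and b else 0.0

def cluster(shots, width=16, threshold=THRESHOLD):
    """Union-find grouping of hosts whose rendered pages share enough tiles."""
    sets = {name: shingles(px, width) for name, px in shots.items()}
    parent = {name: name for name in shots}
    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n
    names = list(shots)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if similarity(sets[a], sets[b]) >= threshold:
                parent[find(b)] = find(a)
    groups = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    return sorted(sorted(g) for g in groups.values())

# Constructed input: the second host shows the same page with a different top banner.
A = fake_page("pharma")
SHOTS = {"pharma-a.example": A,
         "pharma-b.example": fake_page("banner", 64) + A[64:],
         "watches.example": fake_page("watches")}
```

Because the comparison runs on rendered pixels, two hosts with different URLs and different HTML still land in the same group when most of what the browser displays is identical.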
UCSD's "spamscatter" method enabled the research, allowing the scientists to analyze 1 million spam mails coming from a live feed. Spamscatter digs through the e-mails, spots the URLs, and follows the links to the Web pages of the target server.
» SPAMfighter News - 22-08-2007