Spamonomics

Since last Wednesday, the torrent of junk e-mail coursing through the internet has been slowed dramatically, with 40 percent or more of it cut off at the source.

The source of all that spam? San Jose, California. That’s where a group of servers responsible for much of the world’s spam had been operating until they were severed from the internet last week.

The servers had controlled some of the world’s biggest botnets, the legions of hijacked personal computers that flood your inbox with ads for male-enhancement drugs.

The shutdown could be a major blow to spammers’ finances. Every day the botnets remain down means revenue lost. But how much revenue?

Nobody knows for sure, but a team of computer scientists at U.C. Berkeley and U.C. San Diego with an ingenious plan recently reported the first-ever hard numbers on the economics of spam.

After taking over part of an existing botnet, the Berkeley team waged its own spam campaign, sending out almost 350 million pieces of junk e-mail over 26 days. By the end of their trial, they had netted a whopping 28 sales. That’s about one response for every 12.5 million e-mails sent, a conversion rate of less than 0.00001 percent.

They estimate the yearly revenue of the botnet they had infiltrated at around $3.5 million (their full paper is available here).

To put that in perspective, spam costs U.S. companies $33 billion a year in lost productivity, according to one estimate, and $100 billion worldwide.

It seems likely, then, that the spam industry generates far less wealth than it destroys.

But the parasitic scam will remain with us as long as one in every 12 million or so of us buys the product they’ve been spammed for.

So what are the characteristics of the 28 good souls who decide to click on through and make a purchase?

COMMENTS: 27

  1. Robert says:

    What really gripes me is that these spammers are obviously smart enough to create this botnet – why can’t they use their smarts to make legit money?

    Thumb up 0 Thumb down 0

  2. tim says:

    The ISP in question was not the “source” of the spam. It contained a fair number of machines used for controlling the machines that send the spam out (usually people’s personal computers).

    @RKReed

    Whether it was a holiday or not is irrelevant. Botnets don’t take days off. But I do agree with you that the percentage reported is too high. Besides – the number has returned to normal by now.

    Thumb up 0 Thumb down 0

  3. Charles says:

    Two comments:

    1) I know corporations are opposed to giving away something for nothing, but it seems to me that donating 1/1000th of your anti-spam budget to an organization that would create good, free antivirus software would help to prevent the botnet problem, ultimately reducing everyone’s costs. I know a lot of people know that viruses are out there, but don’t really want to pay the $50 for antivirus software (esp. younger people more likely to be on the net). This really is a collective action problem where a collective approach is more likely to result in a lower priced solution.

    2) I think we will always be stuck with spam so long as it costs nothing to send spam. Introducing an email “stamp” system, where every email cost some de minimis amount would eliminate most of the problems with spam. My guess is that most ISPs would set things up so that you had 1000 or more free emails a month, beyond that it was like one cent. Legitimate businesses would still send out their emails, because sales would likely outweigh costs. But spam operators could not survive. Based on the extremely low rate of return, you could probably make it 100 emails per cent and still dissuade most spammers (but not hamper nonprofits, political campaigns, etc.).

    Thumb up 0 Thumb down 0

  4. PaulK says:

    You all are missing the real headline number: “One in 10 people clicking through to receive the malware is a pretty sobering number,” – that is, 10% of the people getting email with links to download malware (making their machine into a bot) clicked the link! This would be the “see naked pictures of x”, “click here to restore your paypal account”, and “to stop us canceling your Visa card, click here” type emails. This is how these bot-nets get so big and why shutting down a few servers really does little good. Even shutting those down does not help since many of the infected machines have multiple malware instances installed and/or have more than one lookup location to get new instructions.

    Thumb up 0 Thumb down 0

  5. Aaron says:

    The business model for most spammers doesn’t rely on the sale of enhancement products anymore. These are pretty much all phishing scams now, so look at it as 28 accounts they now have access to instead of just 28 sales.

    Thumb up 0 Thumb down 1

  6. Bobby G says:

    Note to self: don’t open up any emails from “frankenduf” (#3)…

    Thumb up 0 Thumb down 0

  7. JimJ says:

    Free anti-virus: AVG free by grisoft is free for home use. They don’t always make it easy to find (since they would rather sell the commercial version), but … it is a way to avoid the costs.

    Thumb up 0 Thumb down 0

  8. Statler says:

    I was wondering why the amount of spam I receive had dropped off recently.

    Thumb up 0 Thumb down 0