Spam Analytics: Exploring the Technical and Economic Factors in Bulk Email Scams

Date: Monday, March 29, 2010 - 8:50am

COMPUTER ENGINEERING PROGRAM COLLOQUIUM SERIES
sponsored by Hewlett-Packard Labs

MONDAY, April 5, 2010
2:00 PM – 3:00
Harold Frank Hall, Rm 1132 (CS Conference Rm)

HOST: Computer Engineering Program

SPEAKER: Geoffrey M. Voelker, UC San Diego

Title: “Spam Analytics: Exploring the Technical and Economic Factors in Bulk Email Scams”

Abstract:

Today, the large-scale compromise of Internet hosts serves as a platform for supporting a range of criminal activity in the so-called Internet underground economy. By far the best known example of this activity is unsolicited bulk email (spam), which has become the de facto delivery mechanism for a range of criminal endeavors, including phishing, securities manipulation, identity theft, and malware distribution.

The “conversion rate” of spam — the probability that an unsolicited email will ultimately elicit a “sale” — underlies the entire spam value proposition. However, our understanding of this critical behavior is quite limited, and the literature lacks any quantitative study concerning its true value. In this talk I will present a methodology for measuring the conversion rate of spam. Using a parasitic infiltration of an existing botnet’s infrastructure, we analyze two spam campaigns: one designed to propagate a malware Trojan, the other marketing on-line pharmaceuticals. For over 240 million spam e-mails we identify the number that are successfully delivered, the number that pass through popular anti-spam filters, the number that elicit user visits to the advertised site, and the number of “sales” produced.

This work is in collaboration with Brandon Enright, Chris Kanich, Christian Kreibich (ICSI), Kirill Levchenko, Vern Paxson (ICSI/Berkeley), and Stefan Savage. It is part of a larger effort within the Collaborative Center for Internet Epidemiology and Defenses (CCIED), a joint NSF Cybertrust Center with UCSD and ICSI (http://www.ccied.org).

Biography:

Geoffrey M. Voelker is a Professor at the University of California at San Diego. His research interests include operating systems, distributed systems, and computer networks. He received a B.S. degree in Electrical Engineering and Computer Science from the University of California at Berkeley in 1992, and the M.S. and Ph.D. degrees in Computer Science and Engineering from the University of Washington in 1995 and 2000, respectively.