UCSD Computer Scientists Follow Spam-Scam Trails

• By Paul McCloskey
• 09/14/07

In a study of more than 1 million spam e-mails, computer scientists at the University of California, San Diego have concluded that most scams are hosted by individual Web servers even though thousands of compromised computers might be used to relay spam to end users.

The researchers studied a spam feed over the course of a week, analyzing spam-advertised Web servers hosting online scams for merchandise and services or those using phishing or spyware to defraud users.

Nearly all (94 percent) of the scams advertised via embedded links are hosted on individual Web servers, according to the researchers, who are affiliated with the California Institute for Telecommunications and Information Technology (Calit2) and the Collaborative Center for Internet Epidemiology and Defenses (CCIED).

"A given spam campaign may use thousands of mail relay agents to deliver its millions of messages, but only use a single server to handle requests from recipients who respond," according to a paper the research team wrote on their findings. "A single takedown of a scam server or a spammer redirect can curtail the earning potential of an entire spam campaign."

"The availability of scam infrastructure is critical to spam profitability. Our findings suggest that the current scam infrastructure is particularly vulnerable to common blocking techniques, such as blacklisting," said Geoff Voelker, a computer science and engineering professor at the UCSD Jacobs School involved in the study.

Read More:

• UCSD Research (PDF)
• Calit2