Spam on the Web 2.0
The internet has been with us for a while now: last year the World Wide Web celebrated its twentieth birthday. I found my way onto it roughly halfway down that road, and ever since I registered my first e-mail address (a Hotmail account, its name inspired no doubt by something I thought was really deep at the age of 12, although I cannot for the life of me remember what it was) there has been a constant presence of strangers in my inboxes, fairly harmless strangers, but still a bit unsettling. Of course I’m talking about the incessant barrage of spam.
My Life with Spam
Growing up with the Internet, I learned quickly enough how to distinguish spam e-mail, what links and ads not to click and what attachments not to open. I figure that even those who did not have the benefit of youth to pick up these skills will probably have acquired some proficiency in them by now, so who is left to click on those links? Could these spammers really still be making money?
But, there it is: no longer in my Inbox, but neatly filtered into a separate Spam folder, my Gmail account is still receiving spam almost daily. Most of it seems too ridiculous to be believed. Can anyone take these e-mails about enhanced sexual prowess serious anymore? Why would WhatsApp be e-mailing me about voice mails? They’re a messaging service for crying out loud. I’ve never even played World of Warcraft and for some of these e-mails, the subject and sender seem to have nothing to do with one another.
Of course, all the e-mails are also written in terrible English, generated by Google Translate most likely. Sophia Graham’s FRIENDSHIP LETTER is the most interesting one of the lot:
My name is Sophia Graham,How are you doing? I am sorry to encroach into your privacy in this manner,I was searching for an old friend, when i stumbled on your profile. I find it pleasurable to offer you my friendship. I saw your profile today and became interested in you. Please I want to be a true friend and a close confident friend with you,and i would love to have communication with you.lets know each other better and i will send you my photos and tell you more about myself as soon as i get a mail from you i will send you my photos to you so that you can know me ok!!! i will like to be a very good friend with you, i am waiting to hear from you soon in my mail box . thanks.
Sophia.My Spam folder.
Well, isn’t that heartwarming? Doesn’t Sophia seem like a nice gal? I wonder who wrote this and what they expected to gain from sending me this.
Let’s back up a little, though. I said that spam was a constant presence; but something has changed lately. In years past, this same e-mail account received hundreds of spam messages every month, even up to a thousand at some point. But now, I find only twenty messages from the past thirty days. Those harmless strangers seem not to be visiting me quite so often anymore; where did they go?
I imagine that, with the advanced spam filters that are standard issue for any major e-mail provider nowadays (I’ve literally not had any spam bypass Gmail’s filter for years) spam e-mails may not be so profitable anymore. Perhaps I shouldn’t be surprised at the spam I’m not getting anymore, but at that which I still am. These strangers who have not left me, they make me wonder.
Who are you…?
What drives you…?
…Are you okay?
The Current State of Spam: The Partnerka Affiliation Networks
So, I did a little research. It turns out I was more or less right. With all the countermeasures against spam e-mails – spam filters, legal measures, etc. – it has become much harder to make them worth the trouble. In essence, spam e-mails are only profitable (and worth the legal risk) anymore if you can send them out in very, very large numbers. This circumstance has left only the biggest players in the game. (Incidentally, some big-time spammers, e-mail and otherwise, are quite well known. Some of them are up, complete with cute selfies, over at Spamhaus.)
Does that mean dubious advertising is on its way out? Well, maybe spam e-mails are on the decline, but otherwise the spam business is going very strong, although it’s changing shape. As the Internet has evolved into Web 2.0, where social media and other forms of interactive and user-generated content dominate, so the spam industry is evolving into Spam 2.0, as Dmitry Samosseiko puts it. Samosseiko works in the research department of Sophos, a cybersecurity company, and he authored a review of the so-called Partnerka: Russian affiliation networks that work to drive large amounts of traffic to websites; mostly the kind that sell knock-off watches and off-brand Viagra. The affiliates then take a substantial percentage of the profits (up to 30-50%) of the sales they bring in.
You can find the paper here. Samosseiko tells us about some of the newer techniques spammers have turned to in order to circumvent all the spam defenses that have been put up over the last decade. Of course, spam advertising isn’t going away. Spam e-mail has become a more difficult business, but there are plenty of new vehicles for spam messages such as social media or blog comments.
And there’s more, such as black-hat SEO (Search Engine Optimization): various tricks are employed to get websites to the top of your search results that have no business being there. Malware, illicit software tacitly installed on your computer, is also widely employed, not just to direct you to the spammers’ websites, but also to turn your computer into a bot that can be used to send out spam and circumvent IP blocks.
The Spam Apparatus
To make all these tricks work, big-time spammers have a lot of machinery at their disposal. We, the user, only see the spam message, the flashing ad or the search engine results, but what happens when someone actually clicks the spammers’ links is another story entirely. Researchers from UCSD dove into the world of spam affiliation networks to find out how they worked, what resources they used and how they might be inconvenienced. (Find the paper here.)
The affiliation network needs web servers, to host their sites, domain names for their websites and actual webshops to link to. Because such services as domain name servers are susceptible to shutdown requests if there are complaints about the spammers’ activities, large spam operations tend to either host their own servers or contract third parties dedicated to just this type of activity and proclaimed to be `bulletproof’ against take-downs.
When a user is eventually brought, through dubious methods, to the store website and is actually enticed to buy a fake Rolex or some herbal remedy to improve his potency, the sale has to be handled. (Perhaps surprisingly, there is genuine business going on at the end of the day in most cases; the goods you’re buying are sketchy, but you’re usually actually getting them rather than just being scammed out of your credit card information, apparently. I’m not trying it out for myself, though.) Someone has to supply the goods and ship them to the customer and the payment has to be handled, involving banks and credit card companies willing to do business with the affiliation networks. All of these resources are required to allow the spammer networks to operate.
So, spam is serious business and, understandably, an interesting career opportunity for the computer-savvy in e.g. Eastern Europe. It’s a multi-million-dollar industry and it’s shrouded in secrecy; you don’t just walk onto the scene without a strong rep. It could be the setting of the next crime-busting action-packed blockbuster.
The spammers’ activities are at least partially illegal and mostly unethical, but they are catering to a need, because there are plenty of people who click their links and buy their stuff. And so the spam apparatus is probably as strong as it ever was, or stronger still, even if the flood of spam e-mails is abating.
I think I might just start missing those harmless strangers sending me their silly spam.