So much spam, so few scams

by Dan Westell, CBCNews.ca

Four California computer scientists have taken the classic advice to investigative reporters - follow the money - in the ongoing fight against spam. So they did, and think they may have nailed a way to go after spammers.
Junk e-mails are not about themselves, but about luring the naïve to sites where they can be separated from their money.

So the University California San Diego researchers set out to see what they could learn about the relationship between the ads (spam) and the money-making schemes (scams) where the spam sends the victims. Their paper concludes that a spam campaign that can run to millions of messages usually - in 94 per cent of more than a million spams they analyzed - directs victims to single server for the scam.

"Our findings suggest that the current scam infrastructure is particularly vulnerable to common blocking techniques such as blacklisting,” said UCSD professor Geoff Voelker.

“A single takedown of a scam server or a spammer redirect can curtail the earning potential of an entire spam campaign,” the four wrote.

The paper, which outlines a new analytical technique they developed called "spamscatter," will be presented at the Advanced Computing Systems Association security conference in Boston.