Eric Ogren

Security Impact

Spam does work

One of the fascinating things about spam is how it requires technical skill in gaming security systems followed by psychological skill in provoking human responses. A recent note distributed to the Security Metrics mailing list referred to an interesting study by Laura Frieder and Jonathan Zittrain titled “Spam Works: Evidence from Stock Touts and Corresponding Market Activity.” It shows how effective spam is at spiking trading volume for a stock, with price fluctuations that are profitable for spammers and not-so-much for spammees.

The gist of the study is that spam e-mail touting a little-known stock actually drives enough people to buy that the stock price moves. A spammer who invests before unleashing the stock-touting spam reduces the risks of market timing and direction of price movement, resulting in returns of approximately 5.79% in only 2 days. Not too shabby. Those people reacting to the spam find themselves buying as the price is rising, selling as the price drops after the spam campaign completes, and losing roughly 5.48% of their money. Not too good. The effectiveness of this ploy is evidenced by Sophos measurements, which have seen stock spam explode from a mere 0.8% of all spam in January 2005 to a robust 15.0% of all spam by July 2006.

On the spammer side, it shows a level of sophistication and professionalism. With this approach, no traceable links to back-end systems are required (unlike the “buy this product” or “give me your identity” scams), and spammers can use gained experience points to improve their message with the next touted stock. There really is not a ton of risk here if the spammers account for SEC laws requiring that they disclose their financial interest in the message. It is designed to capitalize on the greed of recipients, and it works!

On the spammee side, it is the same old story: be cautious. It blows me away that people would actually put their money into play based on a stock tip received from an unknown source on the Internet. I guess there is no accounting for the gullible. We’ve said it many times before, but it is always good to remind ourselves:

1. Don’t open, don’t read e-mail from people who you don’t know. No need to make yourself vulnerable to malicious code or temptations of offers too good to be true.
2. Don’t believe everything you read. Be sure you know that the author is reputable – the fact that your friend forwarded you the e-mail does not vouch for its authenticity.
3. Don’t act on what you read. If the above two points don’t stop you, please chicken out before tossing your hard-earned money away.

Remember TINSTAAFL: There Is No Such Thing As A Free Lunch

What People Are Saying

Spammers obtain their list

Spammers obtain their list of victims primarily by harvesting web pages. They use special address extraction software that will spider a site and extract all of the email addresses off its web pages. Entity encoded address obfuscation is one technique to protect your web pages against harvesting. It's popular and easy to do. Unfortunately, it doesn't work.
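The comment's point about entity encoding can be checked against your own pages. The following is an added example, not part of the original comment: a small audit that reports which addresses in a page are visible as plain text and which are "hidden" only behind HTML entities that one standard decoding call reverses. The sample page, the addresses and the function name `audit_page` are constructed for illustration.

```python
import html
import re

# Constructed sample page (all addresses are made up): one plain address,
# one fully numeric-entity-encoded address, one with only "@" and "." encoded.
SAMPLE_PAGE = """
<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a></p>
<p>Support: &#115;&#117;&#112;&#112;&#111;&#114;&#116;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#111;&#114;&#103;</p>
<p>Press: press&#x40;example&#46;net</p>
"""

# Deliberately simple address pattern; good enough for auditing a page.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def audit_page(markup):
    """Return addresses visible in the raw markup ("plain") and addresses
    that appear only after entity decoding ("entity_only")."""
    raw = set(ADDRESS_RE.findall(markup))
    # html.unescape resolves decimal, hex and named character references,
    # the same step any HTML parser performs before text is used.
    decoded = set(ADDRESS_RE.findall(html.unescape(markup)))
    return {"plain": sorted(raw), "entity_only": sorted(decoded - raw)}


if __name__ == "__main__":
    report = audit_page(SAMPLE_PAGE)
    print("Visible without any decoding:", report["plain"])
    print("Recovered by entity decoding:", report["entity_only"])
```

Every address listed under `entity_only` is one the page author treated as protected, yet it is exposed to anything that decodes entities before scanning.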

I had been a loyal and

I had been a loyal and paying customer of Spamarrest for some time; recently their service has been erratic and I lost a number of important messages. After not receiving adequate support I decided to cancel my recently renewed account and asked for a refund of the unused portion. Here is their response:

Hi David,

Thanks once again.

David, I am very sorry to tell you that we are not able to offer you a refund for your account. You may continue to use your Spam Arrest account till 2008-10-01 by reactivating the account.

I truly apologize for your inconvenience, David. Please do let me know if you need anything else.

Best Regards,
Peter
Technical Support Specialist
Spam Arrest

I disagree with you both, if

I disagree with you both, if everyone would send 1000 spams to the spammers address we would not have spam anymore. Even if they are using someone else's computer it would convince that person to put a stop to them using his computer for spamming. It would also overload some networks that allow spamming. Good they need it.

Also open the spam and find out who it is going to and spam their abuse addresses or support address with at 1000 spams
FIGHT SPAM WITH SPAM

AFrank, I strongly recommend

AFrank, I strongly recommend people not to use SpamArrest.

This service replies to spam. As you may know, spammers don't send email "from" their own email addresses. Instead, they forge other people's addresses. Hence, SpamArrest sends your challenge replies to innocent 3rd parties. It's a big and growing problem.

A growing number of email administrators treat these "misdirected challenges" as abuse of the Internet. They perceive that services like SpamArrest send what is effectively spam. By using SpamArrest, you are therefore being seen as a spammer, and will no doubt find yourself on lists of spammers. This may mean that your email will have more and more trouble getting through. It will also mean that your challenges won't get through, so you won't be able to receive email from new email addresses.

I urge you to stop using SpamArrest so that I and other email users won't have to deal with the spam you're indirectly generating. You'll also benefit from actually receiving the email you wanted to get.

As an alternative, may I recommend a good conventional spam filter, which will lose far fewer legitimate messages, while filtering out practically all the spam.

More at:

Spamarrest

Since joining spamarrest I've followed their stats page for my account and my spam has increased in just over two years 300% from when I joined. Bill Gates said he would solve the spam problem in 2006 but really Spam Arrest did years ago at least for me. I don't see spam decreasing anytime soon so I'm keeping my Spam Arrest account.