How much money do $pa/\/\/\/\ers make from your website?
Dr. Pedram Hayati, Stratsec, BAE Systems, Perth, Australia
Ms. Nazanin Firoozeh, Uni of Pierre and Marie Curie, Paris, France
Dr. Kevin Chai, Uni of New South Wales, Sydney, Australia
Dr. Vidyasagar Potdar, Curtin University, Perth, Australia
Revenue?? – Take a Guess
• Economist: ??? response(s) per 10,000 spam messages
• Jude & Alperovitch: ??? response(s) per 500,000 spam messages
• Gansterer: Average revenue per spam message is $???
Revenue?? – Take a Guess
• Economist: 1 response per 10,000 spam messages
• Jude & Alperovitch: 5 responses per 500,000 spam emails
• Gansterer: Average revenue per spam message is $0.00434
Cost of sPam/\/\ing
• Windows & .NET magazine: Annual cost of spam management ???
• Nucleus Research: Annual cost of spam management/employee ???
Cost of sPam/\/\ing
• Windows & .NET magazine: Annual cost of spam management $2.5 million
• Nucleus Research: Annual cost of spam management/employee $2000
Idea
A methodological approach to address
• The cost of spamming
• The success ratio that turns a spamming campaign into profit
On the Web
• Spam 2.0: New generation of spam in Web 2.0 platform
Spam 2.0 * P. Hayati, V. Potdar, A. Talevski, N. Firoozeh, S. Sarenche, E. A. Yeganeh. “Definition of Spam 2.0: New Spamming Boom”. IEEE Digital Ecosystem and Technologies (DEST), Dubai, UAE, 12-15 April 2010.
Methodology
• Setup Website
• Harvest Target
• Implement
• Select Tactic
• Design Ad
• Ethics Approval
• Experiment
Ethics approval
• No record of any personal details
• No record of payment procedure
• Taken all possible steps to ensure the experiment does not harm web owners and users
• Ethics approval to conduct this research was granted by Curtin University.
Research with Minimal Risk
Website Setup
• Product categories
• Prices
• Images
• Descriptions
• Reviews
• Website structure
were added to give the real feel of an online pharmacy website
Website Setup
We implemented a tracking module to monitor user navigation and record visitor behaviour on the website. Six parameters were tracked in our tracking module:
• Date and time of visit
• Demographic information for each visitor
• URL of the site the visitors were referred from
• Visited webpages' URLs and their frequency
• Number of visitors that "checked out"
• Whether the visitor was a web robot
Web crawlers could also visit our website, since we had published the website URL on a number of Web 2.0 websites. So, we identified and removed all web crawler data from our dataset by evaluating their IP address and user agent details.
Hayati, P., Chai, K., Potdar, V., and Talevski, T., 2009. HoneySpam 2.0: Profiling Web Spambot Behaviour. In: Principles of Practice in Multi-Agent Systems (PRIMA 2009). Nagoya, Japan, December 14-16. 23% acceptance, LNCS Proceedings
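The crawler clean-up step described above, as an added example (not the authors' tracking module): visit records are dropped when their user agent or source IP marks them as a web robot, and the visitor metrics are computed on what remains. The record layout, user-agent patterns, crawler IP ranges and all sample visits are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed crawler indicators (constructed): user-agent substrings typical of
# robots, and documentation-only IP ranges standing in for crawler networks.
BOT_UA = re.compile(r"bot|crawl|spider|slurp|curl|wget", re.I)
CRAWLER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed visit records:
# (time, ip, country, referrer, url, user_agent, checked_out)
VISITS = [
    ("2011-05-02 10:01", "203.0.113.7", "AU", "http://forum.example/t/1", "/", "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0", False),
    ("2011-05-02 10:02", "203.0.113.7", "AU", "", "/product/1", "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0", False),
    ("2011-05-02 10:05", "203.0.113.7", "AU", "", "/checkout", "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0", True),
    ("2011-05-02 11:00", "192.0.2.15", "US", "", "/", "Mozilla/5.0 (compatible; Googlebot/2.1)", False),
    # Browser-like user agent, but the source IP is in a crawler range.
    ("2011-05-02 11:30", "198.51.100.20", "US", "", "/checkout", "Mozilla/5.0 (Windows NT 5.1) Chrome/11.0", True),
    ("2011-05-02 12:00", "203.0.113.99", "IR", "http://blog.example/p/9", "/", "", False),
    ("2011-05-02 12:10", "198.51.100.200", "FR", "http://forum.example/t/1", "/product/2", "Opera/9.80 (Windows NT 6.0) Presto/2.8", False),
]

def is_crawler(ip, user_agent):
    """Return True if the record looks like a web robot by user agent or IP."""
    if not user_agent or BOT_UA.search(user_agent):
        return True  # an empty user agent is treated as automated
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparsable address: exclude instead of counting it
    return any(addr in net for net in CRAWLER_NETS)

def summarize(visits):
    """Drop crawler records, then compute the visitor metrics."""
    human = [v for v in visits if not is_crawler(v[1], v[5])]
    return {
        "records": len(visits),
        "removed": len(visits) - len(human),
        "unique_visitors": len({v[1] for v in human}),
        "checkouts": sum(1 for v in human if v[6]),
        "raw_checkouts": sum(1 for v in visits if v[6]),
        "referrers": Counter(v[3] for v in human if v[3]),
        "page_hits": Counter(v[4] for v in human),
    }

if __name__ == "__main__":
    for key, value in summarize(VISITS).items():
        print(f"{key}: {value}")
```

Checking the IP range as well as the user agent matters because a robot can present a browser user agent; in the sample data one such record would otherwise double the checkout count.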
Advertisement design
• Relevant
• Irrelevant
• Two languages
  • English
  • Persian
"Thanks for the post. It was very informative. I have also found a similar article at www.spamwebsite.com"
Select spam tactic
Tactic
• Comment
• Forum posts
• Replies
• Referrer URL
• Personal message
Auto-submitter
• ScrapeBox, SENuker, XRumer, Custom Scripts
Bypass protections
• CAPTCHA
• Email verification
"XRumer is a search engine optimization program, created by BotmasterLabs, that is able to successfully register and post to forums (forum spam) with the aim of boosting search engine rankings." (Wikipedia)
XRumer has many inbuilt features to bypass common filtering mechanisms (e.g. CAPTCHA and email validation), create user accounts, and reply to forum threads.
Target harvesting
Querying search engines
• inurl:exampleforum.php
Query third party search engines
Obtain a list of websites
• phpBBforums.txt
Targeted: 100k websites
• 75K relevant/20K off-topic/2.5k Persian
Implementation
We hosted our ad campaign on VMware ESX4 servers in a highly controlled and monitored environment. The ad campaign used the XRumer tool on the Windows XP operating system. All outbound and inbound ports, except port 80 (the default port for HTTP connections), were blocked. We used a dedicated broadband Internet connection and monitored all the traffic to and from the server.
Experiment
Experiment period: 1m
7 target groups:
• Relevant websites from lists
• Off-topic websites from lists
• Relevant websites from search
• Persian websites from search
• Relevant websites from search (PM only)
• Reply relevant content for the result
• Reply off-topic content for the result
Experimental Setup - Dataset
We harvested a list of over 98,358 websites, including 91,797 relevant (i.e. pharmaceutical), 2,071 irrelevant, and 2,340 Farsi language websites. Target harvesting was conducted for approximately one month in order to retrieve 95,137 unique websites. The remaining 3,221 websites were obtained from website lists provided by our spam tools.
Results – Traffic Analysis
Total bandwidth usage: 41GB
[Figure: The daily network bandwidth used in the entire experiment by our campaign (sent traffic)]
[Figure: The daily network bandwidth used in the entire experiment by our campaign (received traffic)]
Results
Targeted 66,000 websites out of 100K
• 8000 successfully published
• Average distribution rate 11.73%
  • 16.18% comment/posts
  • 2.88 PM
  • 0.03 reply
Published lists of targets were the best datasets
Result$
Conversion rate 26%
• 2000 unique visits
• Clicks from referrer URL >> link in the content
• Spam in non-English language more successful
• 756 visits out of 75 published
Purchase rate 0.14%
• 3 product purchases
2000 visits even after concluding the experiment
Email: email@example.com Vidyasagar.firstname.lastname@example.org
Acknowledgment
• Dr. Pedram Hayati, Stratsec BAE Systems, Australia
• Ms. Nazanin Firoozeh, University of Pierre and Marie Curie Paris 6, France
• Dr. Kevin Chai, University of New South Wales, AU
Also on
• Curtin news: http://news.curtin.edu.au/news/who-you-gonna-call/
• The Australian: http://www.theaustralian.com.au/australian-it/blogs-and-forums-taken-over-by-spam-says-study/story-e6frgakx-1226101617103
Cite as: P. Hayati, N. Firoozeh, V. Potdar, K. Chai. "How much money do spammers make from your website?". Cube 2012. Pune, India, 3-5 Sept 2012.
Download the slides: www.potdar.info/publications or http://bit.ly/18Ui3gO
Thank you
Vidyasagar Potdar