CircleID

A managed spam vendor always has to raise the stakes during its introduction period on the market. But what happens when a market follower starts using the market leader's proprietary managed spamming system, and is able to provide better spamming rates at cheaper prices? Market forces and unethical competition at its best.

So, what is this market challenger using the monopolist's proprietary system up to anyway? (With respect to managed spamming services not spam in general.) Promising and delivering, 1,400,000 emails daily, 60,000 mails per hour, and 100 emails per minute. What we've got here are the spam metrics out of 5 already finished spam campaigns that has managed to send out a million spam emails using only 2000 malware infected hosts. Also, CC-ing and BCC-ing made it possible to multiple the effect of the campaign and increase the total number of emails spammed. Talking about benchmarks, 789 emails per minute at a rate of 12/13 emails per second is a pretty good one, considering it's only 2k bots that they were using. What they also promise is automatic rotation of IPs upon automatically checking them against public blacklists, and a mix rotation of IPs from their own netblocks located in Russia and Germany with the fresh IPs coming from the newly infected hosts.

Earlier this month, I discussed the market leader's managed spamming system, to which access is also offered for rent:

The SET-X Mail System is a typical example of a "one stop spamming shop" that has managed to vertically integrate on their own and logically provide anything a spammer could possible need from a spamming service.

"An inside look of the system obtained on 2008-08-12 indicates that they are indeed capable of delivering what they promise — speed, simplicity and 5000 malware infected hosts. Moreover, the attached screenshot demonstrates that 20 different email databases can be simultaneously used resulting in 16,523,247 emails about to get spammed using 52 different macroses. Furthermore, what they refer to as a dynamic set of regional servers aiming to ensure that the central server never gets exposed, is in fact fast-flux which depending on how many bots they are willing to put into "rtsegional server mode" shapes the size of the fast-flux network at a later stage."

With cutting edge managed spam services like the ones currently in circulation, it remains to be seen whether or not spammers would migrate to this outsourcing model, or continue coming up with adaptive ways to send out their scams and malware on their own.

By Dancho Danchev, Independent Security Consultant. Visit the blog maintained by Dancho Danchev here.

Related topics: Email, Law, Malware, Spam