Thursday, May 19, 2011

Spam study in the New York Times

The New York Times just posted a story about a new study from computer scientists here at UC San Diego and at UC Berkeley / International Computer Science Institute.

The paper describing the study is called "Click Trajectories: End-to-End Analysis of the Spam Value Chain".

The abstract is below, and a PDF of the paper is available here.

The New York Times article by John Markoff is here:
"Study Sees Credit Cards as ‘Choke Point’ for Spam"

Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise’s full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email— including naming, hosting, payment and fulfillment—using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

The full list of authors: 
Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Mark Felegyhazi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage.

The authors affiliated with the following institutions:

Department of Computer Science and Engineering 
University of California San Diego

Computer Science Division
University of California, Berkeley

International Computer Science Institute 

Laboratory of Cryptography and System Security (CrySyS)
Budapest University of Technology and Economics