Storm network makes $3.5 million per year

THE INFAMOUS Storm bot network makes more than $3.5 million a year peddling Viagra, according to researchers.

Boffins at the computer science departments of the University of California at its Berkeley and San Diego infiltrated the Storm botnet and modified its command-and-control system. They inserted their own links in spam messages that lead to Web sites they created.

So in the name of research they hacked millions of people's computers and sent them to sites that advertised pharmaceuticals and the other mimicked an e-postcard site.

The e-postcard site didn't infect anyone with malicious software but that was about it. The boffin's drug site would return an error yet report a sale if someone tried to buy something.

While the boffin's watched, spam campaigns containing their code sent 69 million e-mails.

Of the 350 million messages, 10,522 users visited the site, but only 28 people tried to make a purchase. While a response rate of .0000081 percent is really low, the average purchase price was $100.

Based on how much pharmaceutical spam Storm sends out daily, the boffins worked out that revenue could top $7,000 per day or $3.5 million a year.

However, since that figure does not cover the costs of sending out that much spam, the boffins suggest that the spammers must also be running the drug sites, or at least taking a cut of the profits.

It also suggests that spammers and Storm network operators may be working on tight margins in order to make a profit, and their campaigns are "economically susceptible to new defenses".

Postcard sites were more likely to lure in victims and would create 3,500 to 8,500 new bots per day. µ

L'Inq
PC World