Just how easy is it to become a spammer in 2012? Too easy to be true.
Especially in times when everything needed to become a spammer, starting for a managed spam appliance, DIY email harvesters, and millions of harvested emails, are available for sale within the cybercrime ecosystem. Despite the numerous botnet take downs we’ve seen in recent years, spam and phishing attacks continue plaguing millions of end and corporate users, potentially exposing them to malicious links, malicious payloads and fraudulent propositions.
In this post, I’ll profile a Russian managed spam service that’s been in operation for 5 years, allowing novice cybercriminals an easy entry into the world of spamming.
What’s particularly interesting about the service, is that it’s currently advertised at a dozen of cybercrime-friendly underground communities, in an attempt by its owners to increase the clients base. What’s so special about this service anyway? Is it vertically integrating within the marketplace by occupying leading positions in multiple market segments? Let’s take a closer look.
Screenshots of the service’s underground market proposition, and currently harvested email databases offered for sale:
How does the service differentiate itself from the rest of the propositions within the cybercrime ecosystem? By emphasizing on key core competencies such as managed QA (quality assurance) ensuring that the message about the get spammed will successfully bypass anti-spam filters. Next to this option, the service also offers the availability of graphic designers capable of producing custom layouts on request. Not surprisingly, thanks to the fact that the service is build around the concept of anonymity, a customer could easily request the design of spam templates impersonating Google, Facebook, USPS, LinkedIn, U.S Airways, or Verizon Wireless.
- Security tip: Since spammers constantly crawl the public Web looking for emails, including micro-blogging services as Twitter for instance, make sure that you’re not publicly sharing your email address in an easy to crawl way, if you don’t want to have it become part of a spammer’s arsenal
For customers who don’t have their own databases of harvested emails, the managed spam service will gladly offer them to take advantage of the already harvested databases of publicly obtainable emails.
Databases of harvested email addresses on a per country/industry/type of email basis is available at the following prices:
- Moscow region – 3,200,000 harvested emails – Price: 8,000 rubles ($256)
- Moscow organizations and manufacturers – 800,000 harvested emails. Price – 4,000 rubles ($128)
- Moscow citizens – 2,450,000 harvested emails – Price 5,500 rubles ($177)
- Russian organizations and manufacturers – 3,280,000 – Price 7500 rubles ($241)
- Russian citizens – 10,000,000 harvested emails – Price 13,000 rubles ($419)
- St. Petersburg organizations and manufacturers – 270,000 harvested emails – Price 3,300 rubles ($106)
- Kiev based companies – 480,000 harvested emails – Price $150
- Ukraine based emails – 1,500,000 harvested emails – Price 5,000 rubles ($161)
- Austria based emails – 185,000 harvested emails – Price $100
- United Kingdom based emails – 130,000 harvested emails – Price $100
- Germany based emails – 300,000 harvested emails – Price $100
- Italy based emails – 210,000 harvested emails – $100
- Estonia based emails – 20,000 harvested emails – Price $100
Among the key differentiation factors used by this vendor of managed spam service, is the ability to send spam on fax numbers, with an already obtained database consisting of 98,000 fax numbers. This and the recently exposed capability of managed MMS spam sending, indicate the vendor’s ongoing customerization of their business model.
Webroot will continue monitoring the development of the service.