May 17, 2012 By Dancho Danchev

A peek inside a managed spam service

Just how easy is it to become a spammer in 2012? Too easy to be true.

Especially in times when everything needed to become a spammer, starting for a managed spam appliance, DIY email harvesters, and millions of harvested emails, are available for sale within the cybercrime ecosystem. Despite the numerous botnet take downs we’ve seen in recent years, spam and phishing attacks continue plaguing millions of end and corporate users, potentially exposing them to malicious links, malicious payloads and fraudulent propositions.

In this post, I’ll profile a Russian managed spam service that’s been in operation for 5 years, allowing novice cybercriminals an easy entry into the world of spamming.

More details:

What’s particularly interesting about the service, is that it’s currently advertised at a dozen of cybercrime-friendly underground communities, in an attempt by its owners to increase the clients base. What’s so special about this service anyway? Is it vertically integrating within the marketplace by occupying leading positions in multiple market segments? Let’s take a closer  look.

Screenshots of the service’s underground market proposition, and currently harvested email databases offered for sale:

How does the service differentiate itself from the rest of the propositions within the cybercrime ecosystem? By emphasizing on key core competencies such as managed QA (quality assurance) ensuring that the message about the get spammed will successfully bypass anti-spam  filters. Next to this option, the service also offers the availability of graphic designers capable of producing custom layouts on request. Not surprisingly, thanks to the fact that the service is build around the concept of anonymity, a customer could easily request the design of spam templates impersonating GoogleFacebookUSPS, LinkedIn, U.S Airways, or Verizon Wireless.

For customers who don’t have their own databases of harvested emails, the managed spam service will gladly offer them to take advantage of  the already harvested databases of publicly obtainable emails.

Databases of harvested email addresses on a per country/industry/type of email basis is available at the following prices:

  • Moscow region – 3,200,000 harvested emails – Price: 8,000 rubles ($256)
  • Moscow organizations and manufacturers – 800,000 harvested emails. Price – 4,000 rubles ($128)
  • Moscow citizens – 2,450,000 harvested emails – Price 5,500 rubles ($177)
  • Russian organizations and manufacturers – 3,280,000 – Price 7500 rubles ($241)
  • Russian citizens – 10,000,000 harvested emails – Price 13,000 rubles ($419)
  • St. Petersburg organizations and manufacturers – 270,000 harvested emails – Price 3,300 rubles ($106)
  • Kiev based companies – 480,000 harvested emails – Price $150
  • Ukraine based emails – 1,500,000 harvested emails – Price 5,000 rubles ($161)
  • Austria based emails – 185,000 harvested emails – Price $100
  • United Kingdom based emails – 130,000 harvested emails – Price $100
  • Germany based emails – 300,000 harvested emails – Price $100
  • Italy based emails – 210,000 harvested emails – $100
  • Estonia based emails – 20,000 harvested emails – Price $100

Among the key differentiation factors used by this vendor of managed spam service, is the ability to send spam on fax numbers, with an already obtained database consisting of 98,000 fax numbers. This and the recently exposed capability of managed MMS spam sending, indicate the vendor’s ongoing customerization of  their business model.

Webroot will continue monitoring the development of the service.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Share Button

Trackbacks

  1. […] to commodity underground goods and services such as managed spam, harvested email databases, boutique cybercrime-friendly services, services offering access to […]

  2. […] data from legitimate customers. Thanks to the overall availability of harvested email databases, managed spam services, and phishing site templates for the most popular brands in the financial sector, a novice […]

  3. […] and U.S military email addresses offered for sale; New DIY email harvester released in the wild; A peek inside a managed spam service; Mobile spammers release DIY phone number harvesting […]

true