The Spammer, the Botmaster, and the Researcher: on the Arms Race in Spamming Botnet Mitigation - Major Area Exam

Author

  • Gianluca Stringhini
Abstract

Spam, or Unsolicited Bulk Email, is a big problem on today's Internet. Recent studies report that spam accounts for more than 90% of worldwide email traffic [40]. Spam is not only annoying for users, who receive content they did not request, but is also a burden for the whole email delivery infrastructure, which needs to keep delivering legitimate emails with short delays while also making sure that unsolicited messages are detected and blocked. Spam can have different goals, from carrying out scams to spreading malware through malicious email attachments. However, one of the most common types of spam is the one that promotes e-commerce sites selling illicit goods, such as pharmaceutical products or counterfeit watches and accessories. The e-commerce sites selling such products offer the same functionality as popular legitimate sites (e.g., Amazon), including customer service, daily deals, and even refunds if the user is not satisfied. The reason for this is that the cybercriminals behind such sites want to appear as legitimate as possible. Also, contrary to what people commonly think, these sites are not scamming their users, and the purchased goods are actually delivered to the recipients [30, 36]. Whether the drugs produced by these companies are equivalent to the branded ones is an open question. Large spam e-commerce sites offer affiliate programs (partnerka in Russian) [51]. People who join these affiliate programs send spam through their own email delivery infrastructures, and receive a cut of the revenue in exchange for their services. Past research showed that spam e-commerce sites are quite profitable, with estimates ranging from $300,000 to $1 million a month for a large affiliate site [29, 30]. The operations of spam e-commerce involve parties located in most parts of the world, from the domain registrars, to the hosting providers, to the banks processing the payments [36]. For this reason, although many countries have good anti-spam laws, fighting these operations effectively through the law is hard. Nowadays, most worldwide spam is sent by botnets, which are networks of compromised computers that act under the control of a single entity, the so-called botmaster. Recent reports show that botnets are responsible for 85% of worldwide spam [59]. Botnets


Similar resources

Social Networking for Botnet Command and Control

A botnet is a group of compromised computers—often a large group—under the command and control of a malicious botmaster. Botnets can be used for a wide variety of malicious attacks, including spamming, distributed denial of service, and identity theft. Botnets are generally recognized as a serious threat on the Internet. This paper discusses SocialNetworkingBot, a botnet we have developed that...


iSATS: Leveraging Identity based Sender Authentication for Spam Mitigation

A vast majority of spam emails today are sent from botnets with forged sender addresses. This has attracted researchers over the years to develop email sender authentication mechanism as a promising way to verify identity of the senders. In this paper we introduce iSATS, a new email sender authentication system based on Identity-based public key cryptography. iSATS leverages an identity based s...


SkyNET: A 3G-Enabled Mobile Attack Drone and Stealth Botmaster

SkyNET is a stealth network that connects hosts to a botmaster through a mobile drone. The network is comprised of machines on home Wi-Fi networks in a proximal urban area, and one or more autonomous attack drones. The SkyNET is used by a botmaster to command their botnet(s) without using the Internet. The drones are programmed to scour an urban area and compromise wireless networks. Once compr...


Exploring A Root-Cause Methodology to Prevent Emerging Internet Threat

A “botnet” consists of a network of compromised computers controlled by an attacker, often called the botmaster. Recently, botnets have become the root cause of many Internet attacks. To be well-prepared for future attacks, it is not enough only to study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be develope...


RB-Seeker: Auto-detection of Redirection Botnets

A Redirection Botnet (RBnet) is a vast collection of compromised computers (called bots) used as a redirection/proxy infrastructure and under the control of a botmaster. We present the design, implementation and evaluation of a system called Redirection Botnet Seeker (RB-Seeker) for automatic detection of RBnets by utilizing three cooperating subsystems. Two of the subsystems are used to genera...



Publication date: 2011