Going After the Money, Tracing Spammers with an End to End Analysis of the Spam Value Chain

Interesting publication of a paper at the IEEE Symposium on Security and Privacy 2011 (California). The research (involving 15 authors) investigated purchasing spam products and amongst other things, focused on tracing the payments.

” .. The paper performs holistic analysis that quantifies the full set of resources employed to monetize spam email—including naming, hosting, payment and fulfillment—using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks ..

the so-called “spam value chain” involves; botnets, domain registration, name server provisioning, hosting services, and proxy services ..

spammers must also process orders, which requires “payment processing, merchant bank accounts, customer service, and fulfillment.” ..

95% of spam-advertised pharmaceutical, replica, and software products are monetized using merchant services from just a handful of banks ..

13 banks handling 95% of the 76 orders for which they received transaction information .. just three banks handled the majority of transactions: Azerigazbank in Azerbaijan, DnB NOR in Latvia (although the bank is headquartered in Norway), and St. Kitts-Nevis-Anguilla National Bank in the Caribbean ..

all software orders and 85% of pharmaceutical orders used the correct Visa “Merchant Category Code,” which identifies what’s been sold. “A key reason for this may be the substantial fines imposed by Visa on acquirers when miscoded merchant accounts are discovered ‘laundering’ high-risk goods,” ..

orders were fulfilled from 13 suppliers in four countries: the United States–Massachusetts, Utah, and Washington, all for herbal purchases, as well as West Virginia for pharmaceuticals–plus India, China, and New Zealand. Most pharmaceuticals came from India, while most herbal products came from the United States, likely due to weak regulations ..”

“3 Banks Service Majority Of Spam-Driven Sales”
Mathew J. Schwartz, InformationWeek 25 May 2011
http://www.informationweek.com/news/security/client/229625599 – last access 8 June 2011 – ( Full Article )

“Click Trajectories: End-to-End Analysis of the Spam Value Chain”
Kirill Levchenko et al., IEEE Symposium on Security and Privacy 2011, Oakland, California, 24 May 2011
http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf – last access 8 June 2011 – ( Full Journal )

/cobramark3

June 8, 2011 | Categories: Analysis, Legal, News, Privacy, Spam | Tags: Azerigazbank, Computer Forensics, Digital Forensics, DnB NOR, Legal, Merchant Bank Accounts, Network Forensics, Payment Processing, Spam, Spammers, St. Kitts-Nevis-Anguilla National Bank | Comments Off on Going After the Money, Tracing Spammers with an End to End Analysis of the Spam Value Chain