Stefan Savage
Department of Computer Science and Engineering
University of California, San Diego
"Spamalytics: Exploring the Technical and Economic Underpinnings of Bulk E-mail Scams"
When asked why he robbed banks, Willie Sutton famously responded, “Because that’s where the money is”. Today, the same sentiment is widely applied to the Internet as well. The tremendous growth of on-line commerce has made Internet users, their computers and their data a valuable target for criminal actors. However, in spite of the fact that virtually all on-line crime is economically motivated, the underlying economics are poorly understood and even more poorly quantified. In this talk I will explore this issue in the context of spam-based advertising, a business whose “return-on- investment” depends both on delivery technology and consumer appetites. While the security community has traditionally focused on the former issue, producing an arms race between spammer and anti- spammer, the the other half of the spam value proposition is the “conversion rate” — the probability that an unsolicited e-mail will ultimately elicit a “sale”. In this talk, I will describe a methodology for using parasitic botnet infiltration to empirically infer the delivery and conversion rates of spam campaigns. I will present a preliminary analysis of over 400 million instrumented spam e-mails across two campaigns and quantify the underlying processes that modulate profits.
Thursday, March 19, 2009
3:00 - 4:15
Wu & Chen
101 Levine Hall