Posted by Mikko @ 14:07 GMT
Tuesday, May 24, 2011
While doing some spam research couple of years ago, we did a series of test purchases from spam emails.
We bought pills, software, cigarettes etc. We were a bit surprised that almost all of the orders went through and actually delivered goods. Sure, the Windows CD we got was a poor clone and the Rolex was obviously fake, but at least they sent us something.
We were carefully watching the credit card accounts we created for our tests but we never saw any fraudulent use of them.
Most surprising outcome from this test was that we didn't see more spam to the email addresses we used to order the goods.
Our findings were reinforced by an excellent new study published by University of California researchers (with an impressive list of authors).
The researchers not only did test purchases from spam, they also tracked down the botnets used to send the emails, the hosting systems to host the spam sites and the banks that moved the money.
One of the most interesting details in the study is this: almost all spam sales worldwide are handled by just three banks.
The banks? They were:
»
www.f-secure.com/weblog/ ··· 164.html