How spammers make their money
According to a US Treasury advisor, global cybercrime turned over more money than drug trafficking in 2004.
Since then the major global malware epidemic has been putting greater wealth into the hands of criminals than ever before, and security experts have warned that organised crime syndicates have taken over much of the creation and exploitation of malware in circulation today. But how do they make their money and how much?
Spammers send out millions of messages on behalf of online merchants who want to sell a product. If a spam recipient buys something, the spammer gets a percentage of the sale. For pharmaceuticals the commission can be as high as 50%, and research has shown that the response rate can be rather high. A good example is "penis related spam" which has a 5% click rate, meaning that 5% of the recipients actually open the spam mail and click on the link in the mail.
This means that spammers can make a massive amount of money. In July 2007, a retired spammer told PC World that at the peak of his power he pulled in $10,000 to $15,000 a week sending e-mails that promoted pills, porn and casinos.
Spam is usually sent from networks of hacker-controlled computers, so-called botnets. Those machines are often consumer PCs infected with malicious software that a hacker can control. Groups of hackers specialize in creating botnets and make money renting them to spammers by the hour. The going rate for botnets has been from $300 to $700 per hour.
Botnets are frequently used for so-called Denial of Service (DoS) attacks, in which a specific website is bombarded with requests until it is unavailable to its intended users and the hackers demand money to stop. In the second half of 2006, an average of 5,213 DoS attacks were recorded per day. The US was the target of most attacks, accounting for 52% of the worldwide total.
In 2010, Spain topped the bot ranking with 44.49% of all infected computers, according to net-security.org. Next in the ranking, although a long way behind with 14.41%, comes the United States, followed by Mexico (9.37%) and Brazil (4.81%).
Phishers / Identity thieves
According to the Phishing Activity Trends Report released by APWG, Payment Services was the most targeted industry sector in 2010, enduring nearly 38% of detected attacks. Financial Services was second at 33%, followed by Classifieds at 6.6%, though the latter exhibited the most rigorous growth of all sectors.
The United States is the top country hosting phishing sites, while China, the United Kingdom and Canada take second place in rotation.
The Swedish bank Nordea suffered one of the biggest publicly known phishing frauds in history. Over 8 million kronor ($1,200,000) disappeared in three months as a result of a tailor-made attack launched by Russian criminals. Reports indicated that 250 customers had become victims.