Disrupting the Spam Value Chainposted by Anna Mar, May 31, 2011
A group of 15 university researchers has done a interesting study of the spam value chain — how spam gets converted into cash.
The Spam Value ChainThe researchers were able to track 365 million URLs from spam messages back to 45 affiliate programs.
The researchers also made 120 purchases from spammers and then followed the money. The result: 95% of the spam payments flowed through 14 banks such as Azerigazbank in Azerbaijan and Wirecard AG in Germany.
Recommendations: Stop Paying Spam's BankersThe researchers suggest that current anti-spam strategies such as attacking botnets and spam filtering are ineffective. Spammers can quickly recover from lost botnets — and filtering will never be 100% effective.
They suggest the best way to stop spam is to go after the money:
- establish a task force that makes spam purchases and follows the money to merchant banks.
- identify the merchant banks where most spam money is flowing and blacklist them.
- refuse to settle credit card transactions for blacklisted banks.
Blacklisted banks would presumably be able to apply to get off the blacklist by freezing the accounts of spammers and strengthening their know-your-customer processes.
Existing LawsIt is not such a stretch to make banks responsible for the acts of their clients. There are already well establish international banking laws that do just that — including anti-money laundering and know-your-customer regulations.
The Internet is an easy place to hide — Internet resources can be obtained quickly and anonymously. Money on the other-hand is highly traceable. A similar approach can no doubt be taken to deal with malware.
This is the way to prove to your stakeholders that your recommendations are not just whims. |
Understanding your vulnerabilities is the first step to managing risk.|
Learn about the 10 most important patterns for SOA success.|
The exciting world of ITIL metrics.|