How spam works, from end to end


"Click Trajectories: End-to-End Analysis of the Spam Value Chain" is a scholarly research paper reporting on a well-designed study of the way that spam works, from fast-flux DNS to bulletproof hosting to payment processing to order fulfillment. The researchers scraped mountains of spam websites, ordered their pills and fake software, and subjected it all to rigorous comparison and analysis. They were looking for spam ecosystem bottlenecks, places where interdicting one or two companies could have a major impact on spam.

After selecting an item to purchase and clicking on "Checkout", the storefront redirects the user to a payment portal served from payquickonline.com (this time serving content via an IP address in Turkey), which accepts the user's shipping, email contact, and payment information, and provides an order confirmation number. Subsequent email confirms the order, provides an EMS tracking number, and includes a contact email for customer questions. The bank that issued the user's credit card transfers money to the acquiring bank, in this case the Azerigazbank Joint-Stock Investment Bank in Baku, Azerbaijan (BIN 404610). Ten days later the product arrives, blister-packaged, in a cushioned white envelope with postal markings indicating a supplier named PPW based in Chennai, India as its originator.

Click Trajectories: End-to-End Analysis of the Spam Value Chain (PDF)

(via MeFi)