When Microsoft slayed the notorious botnet Rustock, which had been sending as much as 40 percent of all spam worldwide, in March 2011, it forced the volume of spam into a decline from which it has never fully recovered.
But while spammers lost a major weapon in their arsenal with the Rustock seizure, they have proven adept at changing their tactics. In the last few years, security experts say, spammers have embraced more sophisticated means of tricking users into following links. They have also followed users from email onto social networks.
[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. ]
At its peak in late 2008, spam accounted for more than 90 percent of all email sent in the world, with more than 5 trillion spam messages sent each week. In 2011, spam accounted for about 75 percent of email with roughly 294 billion messages a week, according to Symantec's 2011 Internet Security Threat Report.
Spammers have seen their incomes fall since boom times, but the major players can still make a million dollars a year from each major advertising client, according to Stefan Savage, a University of California San Diego computer scientist whose research into pharmaceutical spam has provided some of the most concrete information available about the underground spam economy.
Of course, in the spam world, as in the real world, not everybody is a big dog.
"There are a small number of people who make a lot of money and then it drops off precipitously," said Savage.
The money lining spammers' pockets comes from average people who give in to the temptation to buy cut-rate Viagra, or a fake Rolex, or perhaps a discounted cancer drug that they can't afford any other way. In most cases, spam experts say, the suckers receive a product -- it may or may not work, but they do get something in the mail. About three quarters of all spam messages promote real products.
A spammer gets a 35-50 percent commission for each purchase made on a website that comes via a custom link that identifies him or her as the source of traffic. The spammer generally commandeers more of the profit than the seller, according to Savage. In order to make such an arrangement, the product must have a high profit margin to begin with, which explains why unlicensed generic drugs, pornography, pirated software and casinos are popular topics of spam email.
To send out his messages, a spammer uses a stockpile of bogus email accounts he and his associates have hacked into or created for the purpose. They might also purchase valid accounts. The going rate, according to Savage's research, is 1 cent for a Hotmail account and 7 cents for a Gmail account. Spammers organize such transactions on underground forums such as BlackHatWorld, over Internet relay chat, or even on mainstream websites like Freelance.com.
Spammers also often purchase lists of would-be recipients' email addresses. Cybercriminals gather these addresses using key logging software on infected computers or by scraping them out of a compromised database on another website. They may download PDFs that contain addresses and pay lackeys to enter them into a database. A tried and true technique involves crawling the Web in search of email addresses. The least sophisticated technique is simply to guess: A common name at any domain will probably work, for example.