Thursday, December 15, 2011

End-to-End Analysis of the Spam Value Chain

A fascinating paper analyzing spam as a business model. Here's a picture showing how a typical Viagra spam transaction works:

With all its complexity, the spam business has a choke point: bank transactions. According to the study, only three banks clear the vast majority of high-risk transfers. is the banking component of the spam value chain that is both the least studied and, we believe, the most critical. Without an effective mechanism to transfer consumer payments, it would be difficult to finance the rest of the spam ecosystem. Moreover, there are only two networks—Visa and Mastercard—that have the consumer footprint in Western countries to reach spam’s principal customers. While there are thousands of banks, the number who are willing to knowingly process what the industry calls “high-risk” transactions is far smaller. This situation is dramatically reflected in Figure 5, which shows that just three banks provide the payment servicing for over 95% of the spam-advertised goods in our study.

via MTR

Source: Levchenko, K., et. al. "Click Trajectories: End-to-End Analysis of the Spam Value Chain," Security and Privacy (SP), 2011 IEEE Symposium on , vol., no., pp.431-446, 22-25 May 2011

tags: business, model, deontic, information, commerce

No comments: