By Dancho Danchev
What does it take to be a successful spammer in 2012? Access to a botnet, managed spamming appliance, spam templates that are capable of bypassing spam filters, and most importantly freshly harvested databases of valid emails from multiple email providers.
Let’s profile a web-based service currently selling millions of harvested emails to potential spammers, and find out just how easy it is to purchase that kind of data within the cybercrime ecosystem.
Like every successful marketer, spammers too, know the basics of market segmentation, and market localization. From vendors of localization on demand services, offering spammers to ability to translate their messages to the native languages of their prospective recipients, to vendors of segmented email databases, in 2012 spamming is easy to outsource and manage as a service.
The web-service I’m going to profile is called Baza-Inform. Basically, it offers potential spammers segmented databases of harvested emails.
Currently, the service has the following inventory of emails:
- mail.ru, bk.ru, list.ru, inbox.ru – 15 970 807
- ya.ru, yandex.ru, narod.ru – 3 091 994
- rambler.ru, lenta.ru, ro1.ru – 1 636 720
- qip.ru, pochta.ru, fromru.com – 1 944 490
- nextmail.ru – 185 987
- gmail.com, googlemail.com – 8 888 053
- yahoo.com, yahoo.us – 36 267 998
- hotmail.com – 28 829 391
- aol.com – 22 356 273
- gmx.com, gmx.de – 12 465 024
Just how easy is it to harvest emails? Like in every other market segment within the cybercrime ecosystem, spammers are quick to adapt to emerging trends aiming to prevent the automatic harvesting of emails. In 2008, I came across an email harvester that’s capable of harvesting emails in the following formats:
mail [space]mail [space]com
mail AT mail DOT com
Moreover, in 2009 it became evident that spammers are directly harvesting emails from Twitter users who share their email details over the micro-blogging service. Clearly, such lists are fairly easy to compile, given the active harvesting on behalf of the spammers. In terms of quality assurance, prospective buyers cannot verify the validity of the database until they purchase it. Once they purchase it, they will use tools such as the High Speed Verifier to verify their validity automatically.
Monitoring of the service is ongoing. Details will be published as soon as they update their underground market proposition.