By Dancho Danchev
We continue to observe an increase in underground market propositions for spam-ready bulletproof SMTP servers, with the cybercriminals behind them trying to differentiate their unique value proposition (UVP) in an attempt to attract more customers.
Let’s profile the underground market propositions of what appears to be a novice cybercriminal offering such spam-ready SMTP servers and discuss their potential, as well as the re-emergence of bulletproof SMTP servers as a propagation method of choice.
Sample diagram emphasizing the effectiveness of the spam-ready SMTP servers:
The pricing scheme used by the cybercriminal(s) behind the service:
It’s fairly evident that the service’s lack of bandwidth, compared to that of a massive botnet, may not necessarily impress a cybercriminal wanting to ‘crunch out’ tens of millions of fraudulent/malicious emails on a daily basis. However, in terms of targeted attacks, surgical ‘striking’ of a potential market segment of interest to the cybercriminals with ‘Inbox delivery assurance’ is crucial for a successful campaign.
Years ago, opportunistic cybercriminals relying on the ‘product marketing concept’ tried ‘pushing’ it onto the (cybercrime) market in an attempt to change the rules of the game, empower their customers with sophisticated solutions for bypassing spam/phishing filters and, of course, cash out, while gaining underground market credibility for pioneering a new era in the world of spamming.
We believe that these ‘spamming appliances’ indeed materialized and continue to be used by OPSEC (Operational Security)-aware cybercriminals, along with the evident re-emergence of the bulletproof SMTP server as a means of reaching out to potential victims.