Click trajectories: End-to-end analysis of the spam value chain

Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Márk Félegyházi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise's full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email - including naming, hosting, payment and fulfillment - using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

    Original languageEnglish (US)
    Title of host publicationProceedings - 2011 IEEE Symposium on Security and Privacy, SP 2011
    Pages431-446
    Number of pages16
    DOIs
    StatePublished - 2011
    Event2011 IEEE Symposium on Security and Privacy, SP 2011 - Berkeley, CA, United States
    Duration: May 22 2011May 25 2011

    Other

    Other2011 IEEE Symposium on Security and Privacy, SP 2011
    CountryUnited States
    CityBerkeley, CA
    Period5/22/115/25/11

    Fingerprint

    Trajectories
    Industry
    Electronic mail
    Drug products
    Websites
    Marketing

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality
    • Software
    • Computer Networks and Communications

    Cite this

    Levchenko, K., Pitsillidis, A., Chachra, N., Enright, B., Félegyházi, M., Grier, C., ... Savage, S. (2011). Click trajectories: End-to-end analysis of the spam value chain. In Proceedings - 2011 IEEE Symposium on Security and Privacy, SP 2011 (pp. 431-446). [5958044] https://doi.org/10.1109/SP.2011.24

    Click trajectories : End-to-end analysis of the spam value chain. / Levchenko, Kirill; Pitsillidis, Andreas; Chachra, Neha; Enright, Brandon; Félegyházi, Márk; Grier, Chris; Halvorson, Tristan; Kanich, Chris; Kreibich, Christian; Liu, He; McCoy, Damon; Weaver, Nicholas; Paxson, Vern; Voelker, Geoffrey M.; Savage, Stefan.

    Proceedings - 2011 IEEE Symposium on Security and Privacy, SP 2011. 2011. p. 431-446 5958044.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Levchenko, K, Pitsillidis, A, Chachra, N, Enright, B, Félegyházi, M, Grier, C, Halvorson, T, Kanich, C, Kreibich, C, Liu, H, McCoy, D, Weaver, N, Paxson, V, Voelker, GM & Savage, S 2011, Click trajectories: End-to-end analysis of the spam value chain. in Proceedings - 2011 IEEE Symposium on Security and Privacy, SP 2011., 5958044, pp. 431-446, 2011 IEEE Symposium on Security and Privacy, SP 2011, Berkeley, CA, United States, 5/22/11. https://doi.org/10.1109/SP.2011.24
    Levchenko K, Pitsillidis A, Chachra N, Enright B, Félegyházi M, Grier C et al. Click trajectories: End-to-end analysis of the spam value chain. In Proceedings - 2011 IEEE Symposium on Security and Privacy, SP 2011. 2011. p. 431-446. 5958044 https://doi.org/10.1109/SP.2011.24
    Levchenko, Kirill ; Pitsillidis, Andreas ; Chachra, Neha ; Enright, Brandon ; Félegyházi, Márk ; Grier, Chris ; Halvorson, Tristan ; Kanich, Chris ; Kreibich, Christian ; Liu, He ; McCoy, Damon ; Weaver, Nicholas ; Paxson, Vern ; Voelker, Geoffrey M. ; Savage, Stefan. / Click trajectories : End-to-end analysis of the spam value chain. Proceedings - 2011 IEEE Symposium on Security and Privacy, SP 2011. 2011. pp. 431-446
    @inproceedings{1d6116be86e443cfacd21dae62243760,
    title = "Click trajectories: End-to-end analysis of the spam value chain",
    abstract = "Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise's full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email - including naming, hosting, payment and fulfillment - using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95{\%} of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.",
    author = "Kirill Levchenko and Andreas Pitsillidis and Neha Chachra and Brandon Enright and M{\'a}rk F{\'e}legyh{\'a}zi and Chris Grier and Tristan Halvorson and Chris Kanich and Christian Kreibich and He Liu and Damon McCoy and Nicholas Weaver and Vern Paxson and Voelker, {Geoffrey M.} and Stefan Savage",
    year = "2011",
    doi = "10.1109/SP.2011.24",
    language = "English (US)",
    isbn = "9780769544021",
    pages = "431--446",
    booktitle = "Proceedings - 2011 IEEE Symposium on Security and Privacy, SP 2011",

    }

    TY - GEN

    T1 - Click trajectories

    T2 - End-to-end analysis of the spam value chain

    AU - Levchenko, Kirill

    AU - Pitsillidis, Andreas

    AU - Chachra, Neha

    AU - Enright, Brandon

    AU - Félegyházi, Márk

    AU - Grier, Chris

    AU - Halvorson, Tristan

    AU - Kanich, Chris

    AU - Kreibich, Christian

    AU - Liu, He

    AU - McCoy, Damon

    AU - Weaver, Nicholas

    AU - Paxson, Vern

    AU - Voelker, Geoffrey M.

    AU - Savage, Stefan

    PY - 2011

    Y1 - 2011

    N2 - Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise's full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email - including naming, hosting, payment and fulfillment - using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

    AB - Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise's full structure, and thus most anti-spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown). In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email - including naming, hosting, payment and fulfillment - using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

    UR - http://www.scopus.com/inward/record.url?scp=80051960199&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=80051960199&partnerID=8YFLogxK

    U2 - 10.1109/SP.2011.24

    DO - 10.1109/SP.2011.24

    M3 - Conference contribution

    AN - SCOPUS:80051960199

    SN - 9780769544021

    SP - 431

    EP - 446

    BT - Proceedings - 2011 IEEE Symposium on Security and Privacy, SP 2011

    ER -