Click Trajectories: End-to-End Analysis of the Spam Value Chain

@article{Levchenko2011ClickTE,
  title={Click Trajectories: End-to-End Analysis of the Spam Value Chain},
  author={Kirill Levchenko and Andreas Pitsillidis and Neha Chachra and Brandon Enright and M{\'a}rk F{\'e}legyh{\'a}zi and Chris Grier and Tristan Halvorson and Chris Kanich and Christian Kreibich and He Liu and Damon McCoy and Nicholas C. Weaver and Vern Paxson and Geoffrey M. Voelker and Stefan Savage},
  journal={2011 IEEE Symposium on Security and Privacy},
  year={2011},
  pages={431-446}
}
Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise's full structure, and thus most anti-Spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown).In this paper we present a holistic analysis that quantifies the full set… 
View on IEEE
cs.gmu.edu
275 Citations
Highly Influential Citations
17
Background Citations
149
Methods Citations
21
Results Citations
12

Figures and Tables from this paper

275 Citations

Examining the Demand for Spam: Who Clicks?
TLDR
It is found that the volume of spam and clicking norms in a users' network are significantly related to individual consumption behavior, and that more active users are less likely to click, suggesting that experience and internet skill may create more savvy consumers.
The Potential Profitability of Spams Traditional spamming is a lucrative business : in 2008 , Kanich
TLDR
It is concluded that sextortion spamming is a lucrative business and spammers will likely continue to send bulk emails that try to extort money through cryptocurrencies.
The Economics of Spam
TLDR
The history of the market for spam is described, highlighting the strategic cat-and-mouse game between spammers and email providers, and the spam market's externality ratio of 100 is put into context by comparing it to other activities with negative externalities.
ViceROI: catching click-spam in search ad networks
TLDR
Working with a large real-world ad network, the simple-yet-general Viceroi approach catches over six very different classes of click-spam attacks (e.g., malware-driven, search-hijacking, arbitrage) without any tuning knobs.
The Economics of Spam: Externalities, Market Institutions, and Strategic Games
Spam, or unsolicited email advertising, has been the scourge of email inboxes for nearly twenty years. Spam attempts to generate attention for a merchant’s products or services, but unlike most forms
Suspended accounts in retrospect: an analysis of twitter spam
TLDR
This study examines the abuse of online social networks at the hands of spammers through the lens of the tools, techniques, and support infrastructure they rely upon and identifies an emerging marketplace of illegitimate programs operated by spammers.
Show Me the Money: Characterizing Spam-advertised Revenue
TLDR
Two inference techniques for peering inside the business operations of spam-advertised enterprises are described: purchase pair and basket inference, which provide informed estimates on order volumes, product sales distribution, customer makeup and total revenues for a range of spam -advertised programs.
There Are No Free iPads: An Analysis of Survey Scams as a Business
TLDR
This paper examined the survey scam process to determine the affiliates/sponsors that are behind this lucrative scam by performing an analysis of five months of Facebook spam data and provides the first empirical study and analysis of survey scams.
Peer Reviewed Title: Spam Value Chain : Defensive Intervention Analysis
TLDR
This dissertation looks into the spam ecosystem from the perspective of the attackers, in order to get a solid understanding of how they operate, and proposes effective defenses at both the advertising and click support components of the spam value chain.
Characterizing Seller-Driven Black-Hat Marketplaces
TLDR
This analysis uncovers the characteristics of these two non-underground seller-driven marketplaces and shows that many top sellers belong to an "insider ring", where accounts created close to the marketplaces' launch account for the majority of the sales.
...
...

References

SHOWING 1-10 OF 74 REFERENCES
Spamalytics: an empirical analysis of spam marketing conversion
TLDR
The best way to measure spam is to be a spammer, and this study makes use of an existing spamming botnet, by infiltrating the botnet parasitically and convincing it to modify a subset of the spam it already sends, thereby directing any interested recipients to Web sites under the authors' control.
Spamcraft: An Inside Look At Spam Campaign Orchestration
TLDR
For each spam campaign, spammers must gather and target a particular set of recipients, construct enticing message content, ensure sufficient IP address Diversity to evade blacklists, and maintain sufficient content diversity to evade spam filters.
Spamscatter: Characterizing Internet Scam Hosting Infrastructure
TLDR
An opportunistic measurement technique called spamscatter is described that mines emails in real-time, follows the embedded link structure, and automatically clusters the destination Web sites using image shingling to capture graphical similarity between rendered sites.
@spam: the underground on 140 characters or less
TLDR
A characterization of spam on Twitter finds that 8% of 25 million URLs posted to the site point to phishing, malware, and scams listed on popular blacklists, and examines whether the use of URL blacklists would help to significantly stem the spread of Twitter spam.
Improving Spam Blacklisting Through Dynamic Thresholding and Speculative Aggregation
TLDR
This paper explores the root causes of blacklist inaccuracy and proposes two specific techniques based on this premise, dynamic thresholding and speculative aggregation, whose goal is to improve the accuracy of blacklist generation.
Understanding the network-level behavior of spammers
TLDR
It is found that most spam is being sent from a few regions of IP address space, and that spammers appear to be using transient "bots" that send only a few pieces of email over very short periods of time.
Spam double-funnel: connecting web spammers with advertisers
TLDR
A five-layer, double-funnel model for describing end-to-end redirection spam is proposed, a methodology for analyzing the layers is presented, and prominent domains on each layer are identified using two sets of commercial keywords.
On Network-level Clusters for Spam Detection
TLDR
A new clustering approach that considers both network origin and DNS information, and includes SpamAssassin, a popular spam filtering system widely used today, is proposed and implemented and it is shown that this approach can capture 30% 50% of the spam emails that slip through Spamassassin today.
Temporal Correlations between Spam and Phishing Websites
TLDR
It is found that while the bulk of spam is sent around the time of the website's first appearance, spam continues to be sent for many longer lived websites until they are finally removed, and fast-flux attacks pose the greatest phishing threat.
A Quantitative Study of Forum Spamming Using Context-based Analysis
TLDR
This study examines spam blogs and spam comments in both legitimate and honey forums, and proposes contextbased analyses, consisting of redirection and cloaking analysis, to detect spam automatically and to overcome shortcomings of content-based analyses.
...
...