Click Trajectories: End-to-End Analysis of the Spam Value Chain
@article{Levchenko2011ClickTE, title={Click Trajectories: End-to-End Analysis of the Spam Value Chain}, author={Kirill Levchenko and Andreas Pitsillidis and Neha Chachra and Brandon Enright and M{\'a}rk F{\'e}legyh{\'a}zi and Chris Grier and Tristan Halvorson and Chris Kanich and Christian Kreibich and He Liu and Damon McCoy and Nicholas C. Weaver and Vern Paxson and Geoffrey M. Voelker and Stefan Savage}, journal={2011 IEEE Symposium on Security and Privacy}, year={2011}, pages={431-446} }
Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise's full structure, and thus most anti-Spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown).In this paper we present a holistic analysis that quantifies the full set…
Figures and Tables from this paper
275 Citations
Examining the Demand for Spam: Who Clicks?
- Business, Computer ScienceCHI
- 2018
It is found that the volume of spam and clicking norms in a users' network are significantly related to individual consumption behavior, and that more active users are less likely to click, suggesting that experience and internet skill may create more savvy consumers.
The Potential Profitability of Spams Traditional spamming is a lucrative business : in 2008 , Kanich
- Computer Science
- 2019
It is concluded that sextortion spamming is a lucrative business and spammers will likely continue to send bulk emails that try to extort money through cryptocurrencies.
The Economics of Spam
- Computer Science
- 2012
The history of the market for spam is described, highlighting the strategic cat-and-mouse game between spammers and email providers, and the spam market's externality ratio of 100 is put into context by comparing it to other activities with negative externalities.
ViceROI: catching click-spam in search ad networks
- Computer ScienceCCS
- 2013
Working with a large real-world ad network, the simple-yet-general Viceroi approach catches over six very different classes of click-spam attacks (e.g., malware-driven, search-hijacking, arbitrage) without any tuning knobs.
The Economics of Spam: Externalities, Market Institutions, and Strategic Games
- Economics
- 2012
Spam, or unsolicited email advertising, has been the scourge of email inboxes for nearly twenty years. Spam attempts to generate attention for a merchant’s products or services, but unlike most forms…
Suspended accounts in retrospect: an analysis of twitter spam
- Computer ScienceIMC '11
- 2011
This study examines the abuse of online social networks at the hands of spammers through the lens of the tools, techniques, and support infrastructure they rely upon and identifies an emerging marketplace of illegitimate programs operated by spammers.
Show Me the Money: Characterizing Spam-advertised Revenue
- Computer ScienceUSENIX Security Symposium
- 2011
Two inference techniques for peering inside the business operations of spam-advertised enterprises are described: purchase pair and basket inference, which provide informed estimates on order volumes, product sales distribution, customer makeup and total revenues for a range of spam -advertised programs.
There Are No Free iPads: An Analysis of Survey Scams as a Business
- Business, Computer ScienceLEET
- 2013
This paper examined the survey scam process to determine the affiliates/sponsors that are behind this lucrative scam by performing an analysis of five months of Facebook spam data and provides the first empirical study and analysis of survey scams.
Peer Reviewed Title: Spam Value Chain : Defensive Intervention Analysis
- Computer Science
- 2013
This dissertation looks into the spam ecosystem from the perspective of the attackers, in order to get a solid understanding of how they operate, and proposes effective defenses at both the advertising and click support components of the spam value chain.
Characterizing Seller-Driven Black-Hat Marketplaces
- EconomicsArXiv
- 2015
This analysis uncovers the characteristics of these two non-underground seller-driven marketplaces and shows that many top sellers belong to an "insider ring", where accounts created close to the marketplaces' launch account for the majority of the sales.
References
SHOWING 1-10 OF 74 REFERENCES
Spamalytics: an empirical analysis of spam marketing conversion
- Computer ScienceCACM
- 2009
The best way to measure spam is to be a spammer, and this study makes use of an existing spamming botnet, by infiltrating the botnet parasitically and convincing it to modify a subset of the spam it already sends, thereby directing any interested recipients to Web sites under the authors' control.
Spamcraft: An Inside Look At Spam Campaign Orchestration
- Computer ScienceLEET
- 2009
For each spam campaign, spammers must gather and target a particular set of recipients, construct enticing message content, ensure sufficient IP address Diversity to evade blacklists, and maintain sufficient content diversity to evade spam filters.
Spamscatter: Characterizing Internet Scam Hosting Infrastructure
- Computer ScienceUSENIX Security Symposium
- 2007
An opportunistic measurement technique called spamscatter is described that mines emails in real-time, follows the embedded link structure, and automatically clusters the destination Web sites using image shingling to capture graphical similarity between rendered sites.
@spam: the underground on 140 characters or less
- Computer ScienceCCS '10
- 2010
A characterization of spam on Twitter finds that 8% of 25 million URLs posted to the site point to phishing, malware, and scams listed on popular blacklists, and examines whether the use of URL blacklists would help to significantly stem the spread of Twitter spam.
Improving Spam Blacklisting Through Dynamic Thresholding and Speculative Aggregation
- Computer ScienceNDSS
- 2010
This paper explores the root causes of blacklist inaccuracy and proposes two specific techniques based on this premise, dynamic thresholding and speculative aggregation, whose goal is to improve the accuracy of blacklist generation.
Understanding the network-level behavior of spammers
- Computer ScienceSIGCOMM '06
- 2006
It is found that most spam is being sent from a few regions of IP address space, and that spammers appear to be using transient "bots" that send only a few pieces of email over very short periods of time.
Spam double-funnel: connecting web spammers with advertisers
- Computer ScienceWWW '07
- 2007
A five-layer, double-funnel model for describing end-to-end redirection spam is proposed, a methodology for analyzing the layers is presented, and prominent domains on each layer are identified using two sets of commercial keywords.
On Network-level Clusters for Spam Detection
- Computer ScienceNDSS
- 2010
A new clustering approach that considers both network origin and DNS information, and includes SpamAssassin, a popular spam filtering system widely used today, is proposed and implemented and it is shown that this approach can capture 30% 50% of the spam emails that slip through Spamassassin today.
Temporal Correlations between Spam and Phishing Websites
- Computer ScienceLEET
- 2009
It is found that while the bulk of spam is sent around the time of the website's first appearance, spam continues to be sent for many longer lived websites until they are finally removed, and fast-flux attacks pose the greatest phishing threat.
A Quantitative Study of Forum Spamming Using Context-based Analysis
- Computer ScienceNDSS
- 2007
This study examines spam blogs and spam comments in both legitimate and honey forums, and proposes contextbased analyses, consisting of redirection and cloaking analysis, to detect spam automatically and to overcome shortcomings of content-based analyses.