How to Stop Spammers: Focus on Money Going Out, Not Spam Coming In

By Veronique Greenwood | May 25, 2011 11:52 am

The spam ecosystem.

What’s the News: Every day spammers are thinking up new ways to offer you “vIaGrA,” whether you have any interest or not, and spam filters have a tough time keeping up. Researchers studying what they call the “spam ecosystem” have outlined the processes and services spammers use in committing their nefarious deeds—going as far as to actually buy stuff in order to identify what banks they use—in hopes of finding new bottlenecks where regulators can disrupt spammers’ business model. Their findings? Hit ‘em where it hurts: their bank accounts.

How the Heck:

  • The study, which was presented at the IEEE Symposium on Security and Privacy, examines the different levels of infrastructure spammers use, from site hosting to advertising to processing payment. The team collected information about spammers from hundreds of emails, unpicked the elaborate food chains that make the business model possible, and bought goods from some of them (somewhat surprisingly, they actually got most of what they ordered).
  • It’s not hard for spammers to change their IP addresses or get new domain names once email programs block them, the researchers note. It only takes a few hours, at most, and a few bucks. But there aren’t that many banks willing to do spammers’ dirty business—the study found that 95% of the spammers examined used just three banks: DnB Nord of Latvia, St. Kitts & Nevis Anguilla National Bank and Azerigazbank (Wells Fargo was also implicated). And getting a new account set up can take days and may be difficult once a company’s been banned.

The Future Holds:

  • Clamping down on spammers’ bank accounts would definitely hamper their efforts. But spammers shunt those who click on their links through a labyrinthine system of IP addresses in different countries (see image above) and have banks based in various places. Anyone going after those accounts would have to navigate a maze of laws governing spam, which is difficult, especially as not all countries have legislation concerning it.
  • Instead, the researchers suggest that regulators could cut off spammers’ income by setting restrictions on users’ own cards, which are overwhelmingly based in the United States. Visa and Mastercard, they posit, could automatically refuse to settle any payment to a bank account of a known spammer. While this idea raises a number of issues (civil liberties, for one), the researchers point out that such restrictions already exist to keep people from making some kinds of payments in online gambling.

Reference: K. Levchenko, N. Chachra, B. Enright, M. Félegyházi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, A. Pitsillidis, N. Weaver, V. Paxson, G. M. Voelker, and S. Savage. Click Trajectories: End-to-End Analysis of the Spam Value Chain. Proceedings of IEEE Symposium on Security & Privacy 2011.

Image credit: Levchenko et al.

MORE ABOUT: internet security, spam
  • Martin

    I don’t think you can stop an international hacker group by closing down some bank accounts. As long as there is money to be earned, there will always be banks that want to make the business.

  • John

    Trying to stop spammers’ income streams will be no more effective than was Prohibition or the current laws against illicit drug usage. Those with wants will always find a way to the product. Similarly, until the morons who click without regard to the consequences are educated, spam will continue essentially unabated as it finds new ways around governments.

  • Weygold

    Bank accounts do not need to be closed, nor do users’ credit cards need to be altered to prevent purchases from spammers’ banks. The mere threat that VISA will stop doing business with a certain bank will cause that bank to deal with their spammer customers.

  • Spammer

    I’m a legitimate email marketer, and I’d love to see the botnet-spam die.

    But you should be careful what you wish for. These guys spam with their botnets because it’s the most profit for the least effort. They need a bank account to spam, but not to do other things.

    If they choose to engage in operations like a mass DoS attack, mass hacking of people’s computers, or mass hacking of legitimate websites or government computers, many worse things can happen.

    Having a few illegitimate viagra and rolex salesmen might be the lesser evil.

  • duty free shop

    Hi, I believe that I noticed you visited my site thus I got here to “go back the prefer”. I am trying to find issues to improve my website! I guess it’s ok to make use of some of your ideas!!

