How do spammers spam?

Oct 24, 2005

Updated • Nov 4, 2017

Richi published a great introduction on how spammers actually send the millions of spam mails every day. He begins the introduction by explaining that there are two dominating ways to send spam emails. traditional and viral

The traditional sending occurs either from local broadband connections, often by using bot nets, that is computer systems that are under the control of the spammer, or even from server farms. Sending out 10 million spam mails that have a size of about 100 Gigabyte in total takes up to five hours on a T3 connection for instance.

The viral spammers use trojans and malicious software to infect computer systems of Internet users to turn the systems into bots that they control to send out the spam using the local connection.

It is easy enough to push out a huge number of emails in short periods of time. While individual server connections may be sufficient, distributing the load to multiple computer systems or servers has the advantage that blacklisting becomes more difficult, and that the sending is even faster.

You might have heard that the Dutch police recently captures three spammers who infected up to 1,5 million computers.

Update: So called bot networks are still a huge problem on today's Internet. Using zombie PCs is a cost-effective way of sending spam messages to billions of users. Users new to the concept of Botnets should read the Wikipedia article on the topic for information on how botnets operate.

The Redtape Chronicles published a 3-part series about botnets that makes another good read. It consists of the three parts "Is your computer a criminal", "Virus gang warfare spills onto the net" and "Who's behind criminal bot networks".

It is a long read but well worth the time if you are interested in the topic.

Botnets back in 2007 were often between 50k and 70k PCs strong. The operators leased out the computing power of their network to spammers, often making $5000 or more per day in the process.

Botnets in recent years have grown considerably in size. The Conficker botnet for instance was said to have control of up to 10 million infected machines.

Malicious software is usually used to recruit new PCs into the botnet. This may include exploiting browser or operating system vulnerabilities, or by embedding viruses into legit software that users install on their systems.

It is imperative for computer users to have proper protection on their system, at the very least a real-time antivirus software, and a hardware or software firewall. Additional tools such as Microsoft's EMET or a second-opinion scanner such as Malwarebytes Anti-Malware Free do not hurt either.