Earlier this week, researchers from UC Berkeley and UC San Diego released the results of an operation in which they infiltrated the recently shut-down Storm spam network. There were two parts to the study: one measuring the conversion rate of spam emails, the other studying the propagation of Storm's botnet through malware. The researchers set up dummy sites mirroring Storm's pharmacy sites, which cater mainly to the male enhancement scene, simulating transactions just until checkout. The study found that it takes 12.5 million spam emails to generate one sale. After 26 days, the researchers' botnet had sent out over 350 million emails, out of which only 28 turned into would-be sales, totaling $2,731, an average of $100 per
Extrapolating those figures, the researchers believe that the network produced $3.5 million a year in revenue.
The researchers gained control of 75,869 hijacked computers, 1.5 percent of the Storm network.
One in ten people clicked on links that would normally download malware to turn their computer into a zombie bot. The researchers believe that between 3500 and 8500 bots are created daily. It is estimated that at its height, between 500,000 and 1 million computers were infected with Storm bots.
Internet security group Marshal believes that it costs between $5 and $10 to send a million spam emails.
It must also be said that the Storm network was apparently dying during the period the study was undertaken, so results might have differed when the network was at its height.
Also this week, a major source of spam, McColo Corp., which housed the master servers of some of the largest spam networks, including Srizbi, Mega-D, Rustock, Pushdo, and Warezov, was shut down after an investigation by The Washington Post's Brian Krebs. It is estimated that 75 percent of all spam originated with McColo; in the 24 hours after its shutdown, the amount of spam was reduced from 30.1 per second to 11.9.