Following up on my posts Covert Channels in Spam and Ads: the new captchas?, here’s a new (?) idea so devious and subversive, yet so obvious, that I’m wondering why no spammer has come up with it yet. It can’t be patented… or is it?
Put yourself — just for a moment — in the shoes of a spammer. What’s your biggest problem? Right: nobody wants to read your silly ads! Why not? C’mon, you know why: they are simply unwanted. How comes then that a regular advertising company is more successful than you? How comes commercial breaks in TV channels are a lot more effective than your annoying e-mail spams?
What are they doing differently on TV? Elementary, my dear Watson: even though private TV stations are nothing more than advertising outlets, they do feature one crucial element that no spammer is currently offering: movies, music, news, shows, … stuff commonly known as content. The content is what keeps viewers hooked up, and it is the bait that keeps people glued to their TV sets, even through the commercial breaks. Viewers are actually bribed with (hopefully good) content to watch and endure the commercials. Sure, there are also channels that send only ads, but those are niche products, with an insignificant impact. Content is like the basic carrier wave, on top of which advertisement are modulated. The conclusion of this is:
If spammers wanted to attract some real attention from their victims, they’d better offer content alongside their ads.
Useful and popular content like, say, MP3 files, movies, books, warez, pr0n, etc., would do just well. Of course, that content would be pirated, as spammers can’t afford the licensing fees of the content providers. But considering that spamming is already an illegal operation anyway, what’s there to stop spammers from adding copyright infringement to the other charges that would be brought against them, should they ever be caught? In a world of shady business practices, one additional crime doesn’t matter anymore.
If spam were known to deliver this kind of popular content, it wouldn’t be blocked by nearly all e-mail providers and ignored by nearly everyone on the net. Content-enhanced spam mails could easily get many orders of magnitude more eyeballs and even interaction, than the current dumb (version 1.0) brand of spams. Successful spammers would bribe their target audience by offering them what that audience wants and craves: content, content über alles. Just like private TV channels, they would lure people to view their ads by offering them something they can’t resist in return.
So how could a spammer piggy back some useful content on top of spam? Simply attaching some music files to the spam won’t work: that is all too easily filtered out, and requires huge bandwidth resources, that a successful spam run can’t afford. And you can’t distribute movies this way. Embedding a small torrent file to some content into the spam message seems already a lot more interesting. That torrent could then point to some short-lived tracker or DHT bootstrapping nodes that they’d host on some of their spam bots; and the content itself could also be hosted on infected computers of unsuspecting Windows users (content botnets).
Alternatively, spammers could simply add some content to the websites they host (possibly via their botnets), and point to those web sites in their spam. People would normally just delete spams, but once this new method starts to spread, content junkies (who are also the best consumers and more likely to buy from a spammer), would start looking at the spams, and some may even start flocking to the spam sites… looking for content, and possibly buying the stuff that is being advertised.
Obviously, a spammer would also need to keep his botnet in good working condition, by acquiring new hosts every now and then… so some of the offered content will inevitably contain troyans and viruses. But they should not overdo this: people could also get turned off if they are offered only poisoned content.
To summarize: spammers would be more successful by providing and distributing useful content (like pirated mp3s, movies, …) through their botnets in addition to their usual drivel, because people are easily bribed to endure commercials, if they are being offered something that they really want in return.
I’ll coin the term “spam 2.0” for this kind of new spam. I’m wondering when we will start seeing it spread and clog the Internet. ;)