IDG News Service - About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.
Due to be released Wednesday, the survey was sponsored by the Messaging Anti-Abuse Working Group (MAAWG), an industrywide security think tank composed of service providers and network operators dedicated to fighting spam and malicious software.
Eight hundred consumers in the U.S. and Canada were asked about their computer security practices habits as well as awareness of current security issues.
Those who did admit to opening a spam message -- which in and of itself could potentially harm their computer -- said they were interested in a product or service or wanted to see what would happen when they opened it.
"It is this level of response that makes spamming a lot more attractive as a business because spam is much more likely to generate revenues at this response rate," according to the survey.
One other study, conducted by the computer science departments of the University of California at its Berkeley and San Diego campuses, showed the number people who actually made a purchase following a spam pitch was just a fraction of a percent.
Those researchers infiltrated the Storm botnet, a network of hacked computers used to send spam.
They monitored three spam campaigns, in which more than 469 million e-mails were sent. Of the 350 million messages pitching pharmaceuticals, 10,522 users visited the advertised site, but only 28 people tried to make a purchase, a response rate of .0000081 percent. Still, that rate is high enough to potentially generate up to $3.5 million in annual revenue, they concluded.
MAAWG's survey showed that nearly two-thirds of the 800 polled felt they were somewhat experienced in Internet security, a highly complex field even for those trained in it, said Michael O'Reirdan, chairman of MAAWG's board of directors.
And some 80% of people felt their machine would never be infected with a bot, or a piece of malicious software that can send spam, harvest data and do other harmful functions. That's dangerous, O'Reirdan said.
"If you don't believe you aren't going to get one, you aren't going to look for one," he said. "If you get a bot, you're a nuisance to other people."
Interestingly, 63% of consumers said they would allow remote access to their computer to remove malware. That idea is under increasing discussion in the security community, which is grappling with how to deal with botnets. Botnets can also conduct denial-of-service attacks against Web sites, such as the ones attacked last week in South Korea and the U.S.
Some ISPs are building automated systems that can cut off a computer's Internet access if the machine is suspected of containing malware. Consumers are then given instructions on how to patch their machine and install security software. When their PC is clean, they are restored full access to the Internet. MAAWG is close to issuing a set of guidelines for ISPs on how to battle botnets.
"The best thing a user can do is patch their machine religiously," O'Reirdan said. "It's incredible easy to do."
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!