IDG News Service - About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.
Due to be released Wednesday, the survey was sponsored by the Messaging Anti-Abuse Working Group (MAAWG), an industrywide security think tank composed of service providers and network operators dedicated to fighting spam and malicious software.
Eight hundred consumers in the U.S. and Canada were asked about their computer security practices habits as well as awareness of current security issues.
Those who did admit to opening a spam message -- which in and of itself could potentially harm their computer -- said they were interested in a product or service or wanted to see what would happen when they opened it.
"It is this level of response that makes spamming a lot more attractive as a business because spam is much more likely to generate revenues at this response rate," according to the survey.
One other study, conducted by the computer science departments of the University of California at its Berkeley and San Diego campuses, showed the number people who actually made a purchase following a spam pitch was just a fraction of a percent.
Those researchers infiltrated the Storm botnet, a network of hacked computers used to send spam.
They monitored three spam campaigns, in which more than 469 million e-mails were sent. Of the 350 million messages pitching pharmaceuticals, 10,522 users visited the advertised site, but only 28 people tried to make a purchase, a response rate of .0000081 percent. Still, that rate is high enough to potentially generate up to $3.5 million in annual revenue, they concluded.
MAAWG's survey showed that nearly two-thirds of the 800 polled felt they were somewhat experienced in Internet security, a highly complex field even for those trained in it, said Michael O'Reirdan, chairman of MAAWG's board of directors.
And some 80% of people felt their machine would never be infected with a bot, or a piece of malicious software that can send spam, harvest data and do other harmful functions. That's dangerous, O'Reirdan said.
"If you don't believe you aren't going to get one, you aren't going to look for one," he said. "If you get a bot, you're a nuisance to other people."
Interestingly, 63% of consumers said they would allow remote access to their computer to remove malware. That idea is under increasing discussion in the security community, which is grappling with how to deal with botnets. Botnets can also conduct denial-of-service attacks against Web sites, such as the ones attacked last week in South Korea and the U.S.
Some ISPs are building automated systems that can cut off a computer's Internet access if the machine is suspected of containing malware. Consumers are then given instructions on how to patch their machine and install security software. When their PC is clean, they are restored full access to the Internet. MAAWG is close to issuing a set of guidelines for ISPs on how to battle botnets.
"The best thing a user can do is patch their machine religiously," O'Reirdan said. "It's incredible easy to do."
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts