January 10, 2003

Spam dictionary-attacks and Hotmail

Andreas Bovens pointed me to an interesting Wired article on spammers doing dictionary-attacks in order to get email addresses on the service Hotmail. For those who don't know, a dictionary-attack is a procedure where tests are tried, one after the other, from a list. The spammers are testing email address after email address, one after the other, constantly, in order to find which addresses are valid. Steve Linford of Spamhaus has apparently tracked one spam-gang's attack , over months.

What most impressed me about this was the sheer intensity, the great lengths, to which the spammer was willing to go, just to get some addresses to spam:

Linford figures that in the attack he's been tracking, the spammers have hit Hotmail's server more than 52 million times. Even assuming a pitifully low 1 percent rate of live addresses gleaned from those hits, it still amounts to a significant number of e-mail addresses being added to spam lists.

The mind boggles. Over and over, 52 million+ tries, just to get addresses to spam. And then of course, once those addresses are obtained, presumably spamming them.

(math check - never take a journo-reported number on faith:
5 months * 30 day/mn * 24 hr/day * 60 min/hr * 60 sec/min * 4 tests/sec =
51840000 , more than 5 months checks versus "more than 52 million" - OK!)

That's the intensity of effort which is going into professional spamming. It's awe-inspiring.

I suppose this answers my earlier remark about the resources of a large spam business, and is establishing Spam Is 'A Thousand Times More Horrible Than You Can Imagine'

By Seth Finkelstein | posted in spam | on January 10, 2003 02:40 PM (Infothought permalink) | Followups

Seth Finkelstein's Infothought blog (Wikipedia, Google, censorware, and an inside view of net-politics) - Syndicate site (subscribe, RSS)

Subscribe with Bloglines      Subscribe in NewsGator Online  Google Reader or Homepage