RealTime IT News

Lessons From McAfee's S.P.A.M. Experiment

McAfee's month-long S.P.A.M (Spammed Persistently All Month) Experiment has ended, and none of the participants have received their Viagra, real estate deals or millions from a Nigerian bank.

Then again, it's not like they were expecting to get that stuff.

McAfee (NYSE: MFE) hired 50 participants from 10 countries by placing ads on Craigslist, including the U.S., to spend one month surfing the Web unprotected. They were given brand new Dell laptops with only basic McAfee antivirus software, which the participants got to keep as payment for their involvement.

Throughout the 30 days, the 50 guinea pigs wrote of their experiences on a blog, often having a lot of fun in the process. For McAfee it was serious business as it helped the company learn some new patterns of behavior.

When it was over on June 1, the 50 participants had received 104,000 unsolicited messages, which comes out to 70 messages a day each. All of them saw severe degradations in their computers thanks to spyware installations, but it also taught them that spam isn't just a nuisance, it's dangerous.

"I really didn't quite know what spam really was," said Tracey Mooney, a mother of three from Chicago. "I knew it was annoying, I knew there were a lot of ads for things they were trying to get you to purchase, but I had no idea a lot of it was trying to get your financial information so they could steal your bank account or your money."

Many of the spam messages received were phishing e-mails trying to get personal information like bank account numbers, social security numbers, usernames and passwords. One new wrinkle: they also want your cell phone.

"One thing we had not anticipated was the amount of spam requesting SMS or mobile numbers as part of the confirmation process," Dave Marcus, security research and communications manager for McAfee's Avert Labs, told InternetNews.com. McAfee provided fake phone numbers for the spammers, anticipating some kind of mobile spam, but it has yet to bear fruit.

Probably the biggest surprise for Marcus was foreign language spam. "I could not have said this a year-and-a-half ago. It was still 99 percent English language spam. But now we're seeing massive amounts of English, French, German and Portuguese. It's not equal to English but certainly a developing trend.

Of the 104,000 letters, 23,233 were English language. Second was Brazilian Portuguese with 15,856. Marcus said that's because Brazil embraced online banking early and is widely used in that country.

"Brazil is a unique part of the world for cybercrime," he said. "Brazil sees more password stealing than any other part of the world. Since malware is all about money these days it makes sense that people who do more online banking than anywhere is are going to be a target."

France and Germany were the two countries that received the most foreign language spam, with 11 percent and 14 percent respectively, but numerically they got the least amount of spam. France received 2,597 letters total and Germany got 2,331 letters.

The spam was relatively clean; only one to four percent had some kind of malicious software payload, like malware, attached, according to Marcus. That's not surprising because attached malware is more likely to get caught and spammers want their letter to get through.

Next Page: Erectile dysfunction drugs and Rolex watches