Malicious Spam: The Impact of Prosecuting Spammers on Fraud and Malware Contained in Email Spam, Alex Kigerl , Washington State University

Abstract:
Spam has grown in parallel with the internet. Spam can be more than just a nuisance, it can also be fraudulent and malicious. Spam is one of the most common attack vectors for perpetrators of fraud and distributors of malware. The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN SPAM Act) is U.S. federal legislation that was passed in response to the growing spam problem. Current research suggests that prosecutions under the CAN SPAM Act appear to reduce overall spam volume, as well as increase certain types of spam law compliance. However, it is uncertain what degree of impact the CAN SPAM Act might have had on more serious forms of cybercrime contained in spam, such as malware and fraud. The present research sought to address this question by assessing the impact that prosecutions of spammers has had on a sample of 5,490,905 spam emails sent between 1998 and 2013. Machine learning and data mining techniques were used to build one measure of fraud and two measures of malware distribution contained in the spam sample. Findings suggest little impact of the CAN SPAM Act on fraud, but a possible deterrent impact on malware. More damages judged against spammers and more arrests of spammers appear to be associated with fewer malicious links contained in spam. It is suggested that future research look at prosecutions of offenders committing fraud and malware distribution directly to further examine these effects.