NEW YORK -- For years, Internet spammers have used myriad domain names and countless shell companies to sell everything from Viagra to knockoff watches and handbags to pirated software.
But a new report by a team of U.S.-based computer scientists contends that the spam industry, which generates an estimated $100 billion annually, uses just three banks -- one in Azerbaijan, one in Denmark, and one in the West Indies -- to process 95 percent of its transactions.
The authors of the study, titled "End-To-End Analysis Of The Spam Value Chain," ran several computers without any spam filters or antivirus protection over a period of three months. They then waded through billions of spam e-mail messages and made hundreds of purchases of generic medicine, fake luxury goods, and counterfeit software.
Andreas Pitsillidis, a graduate student at the University of California at San Diego and co-author of the study, says the Baku-based Azerigazbank processed most of the payments for the pharmaceutical transactions.
"In particular, the number-one bank [Azerigazbank] which was the one located in Azerbaijan, was responsible for the total of 60 percent of all the spam we saw," Pitsillidis says. "And when we say, 'all the spam we saw,' we are talking about roughly 1 billion messages over a period of three months."
'We're No. 1'
Alakbar Aliyev, head of Azerigazbank's public-relations department, tells RFE/RL's Azerbaijani Service that the bank is striving to be a leader in e-commerce and is not breaking any laws by processing these transactions.
"We consider electronic trade to be very important," Aliyev says. "In this case, clients are trading as they wish. If this does not contradict legislation, we cannot interfere with the process. Our activity is based on Visa and Master Card regulations and also Azerbaijani laws. We have never violated these rules."
Aliyev adds that those major credit-card companies could stop the payments if they wished.
"Let Visa make a list of prohibited ways of making payments, or let the Azerbaijani legislation prohibit us from doing so. Then we'll follow these rules," Aliyev says. "But let's agree that people can make payments even on porno sites."
Pitsillidis agrees that facilitating transactions for spammers is not illegal, but adds that most banks shun such business due to the spamming industry's poor reputation and the high rate of customers seeking refunds.
"In general, there are few banks that are willing to undertake this kind of risk and even those banks that do, they usually charge their customers with higher fees exactly because their accounts are considered to be high risk," Pitsillidis says.
Supply Chains
The study also reveals the truly global nature of the spam industry, with a single transaction being handled by servers in several countries.
For example, when a customer in the U.S. purchases generic Viagra from a spam-advertised website, he or she provides a credit-card number to a completely different site that then processes the payment through a bank in Azerbaijan.
As the payment is authorized, a string of consecutive actions takes place on servers in Russia, Turkey, Brazil, and China until finally the order is fulfilled by a facility in India and shipped by regular mail to the customer in the United States.
Paul Wood, a senior analyst from Internet security company Symantec, says that in 2009 he estimated the global spam industry to be worth about $100 billion annually.
Pharmaceutical spam makes up about two-thirds of spam e-mails sent, Wood says.
Matt Sergeant, a senior anti-spam technologist from Symantec, says banks such as Azerigazbank likely make a profit of about 3 to 5 percent on processing the transactions.
The California study also identifies the Moscow-based B & N Bank and three Latvian banks as hubs for spam-related payments. The Romanian web-services provider Evolva Telecom, the study says, hosts 10 percent of the world's spam-advertising domains.
Nuisance To Some
Despite increasingly sophisticated filters, lawsuits, and prosecutions, spam has proved to be a persistent problem on the Internet. Some researchers estimate, for example, that a spammer must send more than 12 million e-mail messages to sell just $100 worth of Viagra.
According to Wood, the volume of spam has decreased from 90 percent of all e-mails last year to 75 percent in May -- but he adds that this may be the result of more targeted campaigns.
U.S. legislation allows companies to send spam as long as such messages include clear identifying information about the company, a valid mailing address, and a working unsubscribe link, Sergeant says.
Pitsillidis says the problem is compounded by the fact that legislation governing spam is vague in many parts of the world.
"It's not clear what the local laws are in a place like Azerbaijan, for example. Other countries in the world are similar," Pitsillidis says. "It is not clear if what these people are doing is even illegal there. As far as spam goes, the advertising of [counterfeit] pharmaceutical products is indeed consider[ed] illegal in the U.S."
Arife Kazimova of RFE/RL's Azerbaijani Service contributed to this report from Baku