KnujOn to Present at High Technology Crime Investigation Association Ohio Spring Training Conference

Share Article

90% of the illicit sites tracked by are clustered at just 20 registrars which is only 2.5% of the entire registrar population. While networks of compromised spam generators, "bot-nets" are large and millions of spam emails are constantly sent, the number of final destination websites is considerably smaller, and the number of sponsors of those domains is even more concentrated.

KnujOn will present May 12, 2008 at the High Technology Crime Investigation Association Ohio Spring Training Conference (

Key facts featured in the presentation include: Since 2005 has been collecting spam samples from the public. Not to build better filters or blacklists, but rather to use them for illicit site termination, to test the Internet's policy infrastructure, and gather important statistics. KnujOn targets advertised illicit transaction websites and takes the money incentive out of the spam cycle.

Three years and millions of spam emails later we have discovered some very interesting things. Like many people, we assumed that the real source of the spam problem was finite. What is shocking is how concentrated this problem is. As indicated in the subject line, 90% of the illicit websites (fake pharma, software piracy, knockoffs, etc) tracked by us are registered at just 20 providers.

Of course the botnets that send the spam are huge in number, however the more important smaller population referred to are the actual advertised landing sites. As an example: A botnet with 100,000 machines sends a 2 million message email blast. The spam messages actually only reference 200 - 500 URI links. The URIs are often redirects that boil down to only 100 - 200 real domains, and 90% of these domains are controlled by 2.5% of the registrar population. So, lots of senders sending lots of messages herding victims into a very small corral.

There are over 800 ICANN Accredited Registrars and thousands of ISPs. Most providers are playing by the rules. The ones that are not adhering to policy are wreaking the most havoc across the web. Some of these providers merely have poor verification or auditing, others may be active partners to illicit activity and KnujOn is sorting out just which are which. The result is that all the zombie-bot generated spam drives attention to a very small subset of the Internet's infrastructure.

This situation raises interesting questions about who benefits from the sale of junk products and services and the motivations of those who allow these activities to persist. We're looking forward to discussing this and other topics in Lakeland, OH.

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Garth Bruen
Visit website