Lessons From McAfee's S.P.A.M. Experiment

McAfee's month-long S.P.A.M (Spammed Persistently All Month) Experiment has ended, and none of the participants have received their Viagra, real estate deals or millions from a Nigerian bank.

Then again, it's not like they were expecting to get that stuff.

McAfee (NYSE: MFE) hired 50 participants from 10 countries by placing ads on Craigslist, including the U.S., to spend one month surfing the Web unprotected. They were given brand new Dell laptops with only basic McAfee antivirus software, which the participants got to keep as payment for their involvement.

Throughout the 30 days, the 50 guinea pigs wrote of their experiences on a blog, often having a lot of fun in the process. For McAfee it was serious business as it helped the company learn some new patterns of behavior.

When it was over on June 1, the 50 participants had received 104,000 unsolicited messages, which comes out to 70 messages a day each. All of them saw severe degradations in their computers thanks to spyware installations, but it also taught them that spam isn't just a nuisance, it's dangerous.

"I really didn't quite know what spam really was," said Tracey Mooney, a mother of three from Chicago. "I knew it was annoying, I knew there were a lot of ads for things they were trying to get you to purchase, but I had no idea a lot of it was trying to get your financial information so they could steal your bank account or your money."

Many of the spam messages received were phishing e-mails trying to get personal information like bank account numbers, social security numbers, usernames and passwords. One new wrinkle: they also want your cell phone.

"One thing we had not anticipated was the amount of spam requesting SMS (define) or mobile numbers as part of the confirmation process," Dave Marcus, security research and communications manager for McAfee's Avert Labs, told InternetNews.com. McAfee provided fake phone numbers for the spammers, anticipating some kind of mobile spam, but it has yet to bear fruit. P>Probably the biggest surprise for Marcus was foreign language spam. "I could not have said this a year-and-a-half ago. It was still 99 percent English language spam. But now we're seeing massive amounts of English, French, German and Portuguese. It's not equal to English but certainly a developing trend.

Of the 104,000 letters, 23,233 were English language. Second was Brazilian Portuguese with 15,856. Marcus said that's because Brazil embraced online banking early and is widely used in that country.

"Brazil is a unique part of the world for cybercrime," he said. "Brazil sees more password stealing than any other part of the world. Since malware is all about money these days it makes sense that people who do more online banking than anywhere is are going to be a target."

This article was first published on InternetNews.com. To read the full article, click here.