Then, when the Gmail server is almost ready to give up and drop all connections, the spammer suddenly sends as many emails as possible through the pile of connection tunnels. The receiving side is then overwhelmed with data and will quickly block the sender, but not before processing a large load of emails.
It's a twist on a Slowloris attack, since "the spammer is not trying to completely disable the receiving server, he is only temporarily stressing the resources in order to overwhelm and force the processing of bulk email."
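On the receiving side, the hold-then-burst pattern described above shows up in SMTP session records as many connections from one source that sit idle and then all start sending within the same few seconds. The following detection sketch is an added example, not code from the researchers or the article; the record layout, thresholds and sample sessions are constructed assumptions.

```python
from collections import defaultdict

# Thresholds are assumptions for illustration; tune to your own mail traffic.
IDLE_SECS = 120      # connection held open this long before first message
BURST_WINDOW = 10    # seconds within which the held connections start sending
MIN_CONNS = 5        # held connections per source needed to raise a flag

# Constructed sample records: (source_ip, connect_ts, first_mail_ts, messages)
SAMPLE_SESSIONS = [
    ("203.0.113.7", 0, 290, 40),
    ("203.0.113.7", 5, 291, 38),
    ("203.0.113.7", 9, 292, 41),
    ("203.0.113.7", 12, 292, 39),
    ("203.0.113.7", 20, 294, 42),
    ("203.0.113.7", 31, 295, 37),
    ("198.51.100.4", 0, 2, 1),     # ordinary sender: connects, sends, leaves
    ("198.51.100.4", 100, 101, 2),
    ("192.0.2.55", 0, 200, 1),     # one slow client is not a pattern
]

def find_hold_then_burst(sessions):
    """Return {source_ip: (held_connections, messages_in_burst)} for flagged sources."""
    held = defaultdict(list)
    for src, connect_ts, first_mail_ts, msgs in sessions:
        if first_mail_ts - connect_ts >= IDLE_SECS:
            held[src].append((first_mail_ts, msgs))
    flagged = {}
    for src, starts in held.items():
        starts.sort()
        best = (0, 0)
        lo = 0
        # Sliding window over first-message times: largest group starting together.
        for hi in range(len(starts)):
            while starts[hi][0] - starts[lo][0] > BURST_WINDOW:
                lo += 1
            count = hi - lo + 1
            if count > best[0]:
                best = (count, sum(m for _, m in starts[lo:hi + 1]))
        if best[0] >= MIN_CONNS:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, (conns, msgs) in find_hold_then_burst(SAMPLE_SESSIONS).items():
        print(f"{src}: {conns} held connections released together, {msgs} messages")
```

Flagging on held connections before the burst begins lets the receiver cap or close them while they are still idle, rather than blocking the sender only after the mail has been processed.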
The data appears to be real, but some of it may be outdated, such as when a person no longer lives at the physical address attached to his or her name in the spammer's database. The researchers notified law enforcement and sent Microsoft, Apple and others details about abusive scripts and techniques.
Vickery and Ragan intend to reveal more about the RCM operation. As Vickery put it, "There are enough spreadsheets, hard drive backups, and chat logs here to fill a book."