Spamming Ratware & How Ratware Works

Rat standing on hind feet on black and white floor
Alexander W Helin/Getty Images

"Ratware" is the colorful name for any mass email software that generates, sends, and automates spam email sending.

Ratware is the tool that professional spammers use to pummel you and me with an obnoxious email that advertises pharmaceuticals and pornography or attempts to lure us into email phishing scams.
Ratware usually falsifies ("spoofs") the source email address from which it sends it spam. These false source addresses will often smear a legitimate person's email address (e.g., or take on an impossible format like "twpvhoeks@" or "qatt8303@". Spoof source addresses are one of the telltale signs that you have been attacked by ratware.

Examples of Ratware Mailout Messages

  • "We carry the most popular medications" (peddling pharmaceuticals)
  • "You've been sent an Insta-Kiss" (phishing scam to steal your identity information)
  • "STEAMY HOT LESBIAN ACTION LIVE ON CAMERA" (peddling pornography)
  • "F R E E 60-Second MORTGAGE qualification" (identity theft)
  • "HURRY HURRY hot stock about to go through the roof" (pump and dump email scams)
  • "You have 14 new pictures" (phishing scam)
  • "Where are you?" (peddling pornography)
  • "Best Sale Prices on iPhones" (phishing scam)
  • "All orders shipped from authorized locations" (peddling pharmaceuticals)
  • V*i*a*g*r*a for cheap (peddling pharmaceuticals)

Ratware Exists to Achieve Four Purposes

  1. To furtively connect to internet servers or private internet-connected computers, and take over their email systems temporarily.
  2. Send massive numbers of emails in a very short time from those hijacked computers.
  3. To disconnect and mask any digital trail of their actions.
  4. To do the above three actions automatically and repeatedly.

Ratware is often used in conjunction with botnet remote control software, harvesting software, and dictionary software.

How Does Ratware Work?

Ratware needs to be covert, and it needs to achieve mass volumes of messages. To achieve covertness and secrecy, ratware traditionally has used port 25 to bypass most ISP email blocks. In the last five years, port 25 has now become tightly monitored and controlled by about half of the private Internet service providers.
Locking down port 25 has been problematic, though, because it also restricts business customers from running their own email services for their employees. Many ISP's with large business customers have chosen to leave port 25 open for their legitimate customers, and use other firewall techniques to shut down spammers who attempt to stealth onto their networks and send spam.
Because of port 25 and other defenses, spammers have had to evolve to other clandestine means to send their obnoxious emails. 40% of successful ratware spammers use the parallel activity of using "zombies" and "bot" computers... legitimate people's machines that are temporarily turned into spam tools against the knowledge of their owners.

Using insidious "worm" programs like Sobig, MyDoom, and Bagle, spammers sneak onto people's private computers and infect their machines. These worm programs open up secret doorways that allow spammer-commissioned hackers to take remote control of the victim's machine and turn it into a robotic spam weapon. These hackers will get paid anywhere from 15 cents to 40 cents for each zombie computer they can acquire for their spam employer. Ratware is then unleashed via these zombie machines.
To achieve mass volumes, ratware uses text-generation programs that will take massive lists of email addresses, and then send them spam messages. Because less than 0.25% of spam emails are ever successful in winning a customer or deceiving a reader, ratware must send mass amounts of spam emails before it becomes effective. The minimum successful batch send is about 50,000 emails in a single burst. Some ratware, depending on the kinds of computers it hijacks, can send over 2 million messages in ten minutes.

Only at these volumes does spamming become profitable in peddling its pharmaceuticals, pornography, or phishing scams.

Where Does Ratware Get My Email Address?

There are four dishonest ways that ratware gets email addresses: black market lists, harvested lists, dictionary lists, and unsubscribe scam lists.

Where Do You Get Ratware Software?

You will not find ratware tools by Googling the Web. Ratware products are secret, often custom-made, applications created by talented but unethical programmers. Once created, successful ratware programs are sold privately between dishonest parties, not unlike arms dealers selling weapons.
Because ratware software is illegal and contravenes the CAN-SPAM Act, programmers will not just give ratware away for free. They will only give ratware software to those who will pay them enough money to make it worthwhile.

Who Has Been Caught Using Ratware Software?

Jeremy Jaynes and Alan Ralsky are two of the most famous spammers who have been convicted. The two of them earned over 1 million dollars in illegal profit from spam.