This past weekend, e-mail services firm Commtouch identified a new form of mp3 spam with subject lines meant to frighten its recipients.
The e-mail subject lines of the new outbreak included: “I’m monitoring you,” “You’re being watched,” “Your phone is monitored,” and “The tape of your conversation.”
“Preying on people’s guilty conscience with a virus is an ingenious trick of social engineering,” said Rebecca Steinberg Herson, VP of marketing at Commtouch. “The e-mail messages are written generically enough to fit almost every possible transgression one might wish to hide, ensuring that many people will open the attachments, unwittingly inviting malware onto their computers.”
The e-mail contains a password to the attachment, which is a password-protected, compressed file. The spam sits inside of the mp3 attachment and is only opened if the recipient enters the password into the file.
According to a recent study by Symantec, mp3 spam is on the rise. The study found that while PDF and image spam, which were popular spam messages earlier in the year, have decreased, mp3 spam has come about to fill the void.
Attachment names are numerical variations on “call1105-10.rar.” The compressed file looks like an mp3 sound file but is not. It ends with an “.scr” file.