Pump-and-dump spam replacing image spam: Symantec

A new rise in pump-and-dump spam is leading to the decline of image and attachment spam, according to a recent report by computer security firm Symantec, who observed more than 990,000 of these attacks in the past few days.

The pump-and-dump stock or penny stock spam itself is nothing new, but this technique seems to be part of the reason for the decline in image and attachment spam. Image spam is down from a peak in January at 52 percent of overall spam traffic and attachment/PDF spam dropped from a 20 percent overall high in early August to less than 1 percent of spam traffic now.

“We know that spammers are always trying to make money and they are doing it by trying to drive the price of these penny stocks up,” said Doug Bowers, director of anti-abuse engineering at Symantec.

This latest pump-and-dump trend uses highly obfuscated messages with some distinctive features including no subject line in the message headers, but rather in the body of the e-mail. In addition these pump-and-dump e-mails are sent to random e-mail addresses that includes an a lphabetized list of e-mail addresses in the body. The set of headers in the body is followed by the penny stock that is being pumped. The html for this attack is showing a new twist by inserting the price of stock symbol in “mailto:” format in a place that would usually be reserved for URLs.

“This is a new spam trend that we have noticed, so it will be interesting to see if it will grow,” Bowers added. “This is still in the test the waters phase, so this is definitely something we are going to pay attention to.”

Related Posts