Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have
identified a "pump-and-dump" stock spam campaign which uses an
animated graphic to display a "subliminal" message to potential
investors.
Animated GIF graphics are composed of a number of frames, which
are shown in succession. This is often used for animation on
websites, but has recently been adopted by spammers in their
attempt to try and avoid detection by anti-spam products.
In a spam campaign seen by Sophos researchers an embedded image
attempts to artificially inflate the price of shares in a company
called Trimax. However, unlike the many other similar scam emails
the graphic briefly flashes up a message saying "BUY!!!"
approximately every fifteen seconds.
The "BUY!!!" message is comparable to the subliminal messages
that have occasionally been used in advertising and political
broadcasts to try and subconciously influence people.
The pump-and-dump spam message changes
approximately every 15 seconds to show a subliminal "BUY!!!"
message.
"Animated graphics are being used in image spam campaigns to try
and weave past filters which may be attempting optical character
recognition to decipher the messages that spammers send," said
Graham Cluley,
senior technology consultant at Sophos. "This message tries to be
subliminal, but it is questionable whether it would successfully
subconsciously influence armchair investors into buying more stock.
Advanced anti-spam solutions, like those produced by Sophos, are
capable of protecting against spam which uses these tricks."
Pump-and-dump stock campaigns work by spammers purchasing stock
at a cheap price and then artificially inflating its price by
encouraging others to purchase more (often by spamming "good news"
about the company to others). The spammers then sell off their
stock at a profit. Sophos experts report that pump-and-dump stock
campaigns account for approximately 15 percent of all spam, up from
0.8 percent in January 2005.
2006 has seen a sharp rise in the amount of spam containing
embedded images, which has risen sharply from 18.2 percent in
January to over 35 percent today. By using images instead of text,
messages are able to avoid detection by some anti-spam filters that
rely on the analysis of textual spam content.
"We have seen image spam being used around the world - not just
in English, but languages such as Russian and Italian too,"
continued Cluley. "It's likely that more and more spam will use the
technique to try and get past gateway filters, and computer users
should ensure their mailstreams are defended by products which can
effectively combat it."
Sophos recommends companies protect themselves with a consolidated solution which can defend against the
threats of spam, spyware and viruses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.