Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have identified a "pump-and-dump" stock spam campaign which uses an animated graphic to display a "subliminal" message to potential investors.
Animated GIF graphics are composed of a number of frames, which are shown in succession. This is often used for animation on websites, but has recently been adopted by spammers in their attempt to try and avoid detection by anti-spam products.
In a spam campaign seen by Sophos researchers an embedded image attempts to artificially inflate the price of shares in a company called Trimax. However, unlike the many other similar scam emails the graphic briefly flashes up a message saying "BUY!!!" approximately every fifteen seconds.
The "BUY!!!" message is comparable to the subliminal messages that have occasionally been used in advertising and political broadcasts to try and subconciously influence people.
The pump-and-dump spam message changes approximately every 15 seconds to show a subliminal "BUY!!!" message.
"Animated graphics are being used in image spam campaigns to try and weave past filters which may be attempting optical character recognition to decipher the messages that spammers send," said Graham Cluley, senior technology consultant at Sophos. "This message tries to be subliminal, but it is questionable whether it would successfully subconsciously influence armchair investors into buying more stock. Advanced anti-spam solutions, like those produced by Sophos, are capable of protecting against spam which uses these tricks."
Pump-and-dump stock campaigns work by spammers purchasing stock at a cheap price and then artificially inflating its price by encouraging others to purchase more (often by spamming "good news" about the company to others). The spammers then sell off their stock at a profit. Sophos experts report that pump-and-dump stock campaigns account for approximately 15 percent of all spam, up from 0.8 percent in January 2005.
2006 has seen a sharp rise in the amount of spam containing embedded images, which has risen sharply from 18.2 percent in January to over 35 percent today. By using images instead of text, messages are able to avoid detection by some anti-spam filters that rely on the analysis of textual spam content.
"We have seen image spam being used around the world - not just in English, but languages such as Russian and Italian too," continued Cluley. "It's likely that more and more spam will use the technique to try and get past gateway filters, and computer users should ensure their mailstreams are defended by products which can effectively combat it."
Sophos recommends companies protect themselves with a consolidated solution which can defend against the threats of spam, spyware and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.