Experts at SophosLabsâ„¢,
Sophos's global network of virus, spyware and spam analysis
centers, have discovered a pump-and-dump spam campaign that is
attempting to manipulate share prices through MP3 music files.
Files posing as music from stars such as Elvis Presley, Fergie and
Carrie Underwood actually contain a monotone voice encouraging
people to buy shares in a little-known company.
Emails seen by Sophos often contain no subject line or message
body but have attached to them an MP3 file typically named after a
popular music artist.
Some of the filenames used include hurricanechris.mp3,
allforone.mp3, carrieunderwood.mp3,
elvis.mp3, baby.mp3, fergie.mp3, and
bbrown.mp3.
The voice on the MP3 file, which is randomly altered in an
attempt to avoid detection by anti-spam filters, says the
following:
Hello, this is an investor alert
Exit Only Incorporated has announced it is ready to launch
its new text4cars.com website, already a huge success in Canada, we
are expecting amazing results in the USA.
Go read the news and sit on EXTO. That symbol again is EXTO.
Thank you
Exit Only, Inc is a company listed on Pink Sheets that runs a
website marketplace for new and used motor vehicles. Some of the
MP3 files repeat the message twice, rather than once.
"Users may click on the MP3 file expecting to hear Elvis, but
they'll be all shook up when they discover it's actually a voice
resembling Marvin the Paranoid Android droning on about a stock
that is set to be the next big thing," said Graham Cluley, senior
technology consultant for Sophos. "The spammers are already likely
to have purchased stock on the cheap, and they are now trying to
artificially inflate its price by encouraging others to purchase
more. Once the stock rises, they'll quickly sell up, leaving the
duped investors crying in the chapel. Thankfully though, it's hard
to believe that many internet users will fall for such an
amateurish presentation of an 'investor alert'."
The MP3 file encourages recipients to buy EXTO
stock.
Sophos experts believe that firms should consider policing the
types of file which come into their networks via email.
"Although the spammers seem to have quite a fair bit to learn
about machine-generated sales patter, some companies might consider
blocking all MP3s in email as a matter of course," continued
Cluley. "So many music files infringe copyright, and it can be hard
for a company to establish which ones are legal and which aren't
after they've arrived. Blocking MP3s, or at least quarantining
until requested by the user, can be a good way for a company to
take a proactive stance against the use of email for illegal file
sharing. It also has the benefit of neutralising this sort of spam
at the same time."
In July 2007, Sophos published
its Security Threat Report, examining the latest trends in spam,
malware and hacking. The report described how spammers were using a
variety of techniques to spread their unwanted messages and
manipulate stock prices.
Sophos experts report that pump-and-dump stock campaigns account
for approximately 25 percent of all spam, up from 0.8 percent in
January 2005.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.