Sophos, a world leader in protecting businesses against viruses,
spyware and spam, has revealed the results of its research into the
most prominent spam categories during the first six months of 2005.
According to Sophos, while emails advertizing medicines and
low-interest loans continue to irritate computer users and congest
corporate networks, dangerous new categories of spam are growing in
The research, compiled by SophosLabs, Sophos's global network of
virus and spam analysis centers, shows that the volume of company
stock scams - sometimes known as 'pump-and-dump' schemes - have
increased at an average rate of 10% each month this year,
eventually accounting for 8.5% of all spam traffic by the end of
June 2005. Unsolicited emails offering pills or medications,
including generic or non-brand name versions of Viagra and other
pharmaceuticals, accounted for more than 40% of the total.
The top five spam categories spanning from January 2005 to June
2005 are as follows:
||Percentage of reports
"Over the last six months, the usual suspects - medication and
mortgages - have remained at the top of the spam charts, but the
increasing prevalence of stock scam spam represents a worrying new
financial threat," said Graham Cluley, senior
technology consultant at Sophos. "The spammers aim to quickly and
cheaply circulate false information about a company's stock via
email, often combining it with snippets taken from genuine press
releases to lure potential investors."
Stock scam campaigns tend to run for short durations, keeping
overall volumes low. Even though some of the information provided
may be accurate, the deceptive and unsolicited nature of the
messages qualifies them as spam.
"Using companies with limited assets, these charlatans stop
advertising the stock once they've disposed of their shares, often
causing the price to fall and meaning that investors ultimately
lose their cash," added Cluley.
The majority of these campaigns employ obfuscation techniques,
using word variations such as 'st0ck' or 'stox' to avoid being
caught by spam filters. Messages can arrive in many different
formats, such as HTML or plain text, and are almost always sent via
hijacked 'zombie' PCs.
"Social engineering through email, where scam artists take
advantage of unsophisticated computer users, is on the rise and
represents a dangerous trend," said Brian Burke, IDC Research
Manager. "Stock scams, combined with traditional phishing
techniques, can result in significant financial loss for victims of
Sophos recommends that the most effective way for businesses to
reduce spam and other threats is to adopt a multi-layered defense
as well as implement a best practice policy regarding email account
usage. Users can also learn how to best minimize the influx of
unwanted email by following a few simple guidelines.
Graphics of the above top five-category chart can be downloaded