Spammers use PDF files in latest pump-and-dump scam

Sophos Press Release

Attachments deployed in attempt to manipulate German stock market

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have identified a German "pump-and-dump" stock spam campaign which uses an attached PDF file too hoodwink potential investors.

In a new spam campaign identified by Sophos researchers, messages are being sent to German internet users encouraging them to read an attached PDF file which urges them to invest in stock in a company called Talktech Media, who are listed on the Frankfurt stock exchange. In examples seen by SophosLabs, the PDF file carries the bizarre name sexy_ganja_report.pdf.

Internet users may not be aware that the spammers are likely to have already purchased stock at a cheap price and are trying to artificially inflate its price by encouraging others to purchase more. The spammers plan to then sell off their stock at a profit, which may cause the price to plummet.

The pump-and-dump spam message comes complete with a PDF file encouraging recipients to purchase stock
The pump-and-dump spam message comes complete with a PDF file encouraging recipients to purchase stock in Talktech Media.

"Internet users without anti-spam protection are probably used to seeing messages in their inbox telling them to buy shares in companies they've never heard of, but usually the promotions are in the form of regular text or an embedded image," said Graham Cluley, senior technology consultant for Sophos. "In an attempt to get past anti-spam filters criminals are now using PDF file attachments to carry their slick enticements for people to invest. The positive news is that a good anti-spam defense can protect against this nuisance, but the rewards for this kind of crime mean that spammers are unlikely to stop their pump-and-dump scams anytime soon."

Sophos experts report that pump-and-dump stock campaigns account for approximately 25 percent of all spam, up from 0.8 percent in January 2005.

Earlier this year, Sophos reported how the US Securities and Exchange Commission (SEC) had suspended trading in 35 companies as they were found to be commonly referenced in pump-and-dump stock email campaigns.

Sophos recommends companies protect themselves with a consolidated solution which can defend against the threats of spam, hackers, spyware and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at