Search Engines - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Search Engines


Biggest Pump-and-Dump Scam Ever Spikes Spam 445%



 By: Lisa Vaas
2007-08-10
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Search Engines story.


Rate This Article:
Poor Best
The largest spam scam ever tracked increased the spam count by 445 percent in one day.

The largest spam attack ever tracked wound down Aug. 9 after delivering enough big, fat PDF files to increase total spam size 445 percent in one day, according to Postini, a hosted e-mail filtering company thats been tracking the attack since it started Aug. 7.

Postini tracked a 53 percent jump in spam volume from the day before the attack started to the day it launched, according to Senior Marketing Manger Adam Swidler, in San Carlos, Calif.

Why it stopped is a mystery, but more than likely it wound down because it was a spam run being conducted on a rented bot network, Swidler said. "Presumably … [the] rental time ran out," he said.

How much would renting that botnet have cost? PandaLabs recently released research into the malware market. It suggested one scenario in which a criminal could buy a Trojan for $500, a 1 million-address mailing list for about $100, a $20 encryption program, and a $500 spamming server. The total outlay in this theoretical example would be $1,120. (For PandaLabs screen grabs showing what the market looks like, check out the slideshow.

The attack entails a straightforward pump-and-dump spam scam with no virus payload. Experts at SophosLabs said they had detected around 500 million e-mails with PDFs that recommend buying the stock of Prime Time Group.

Resource Library:
Click here to view an eWEEK slideshow on how the gullible get sucked into "scam-spam."

Writing on the Sophos blog Aug. 8, SophosLabs Director Mark Harris noted that the PDF is actually 10 pages long. Toward the end of the file it contains random characters, which Harris suggested might be an attempt to fool simple checksum detection.

Prime Time, the subject of the stock pump, did see its stock rise 60 percent as of Aug. 8. It was up 20 percent as of Aug. 9, compared with its pre-spam scam price.

The stock fluctuation clearly shows that pump-and-dump scams work. "Taking a look at the stock price shows why these campaigns continue," Harris wrote in his posting. "The share price of this particular company has risen by 60 percent since [Aug. 3], so while recipients of this type of spam continue to try and profit on these Tips stock, spam will continue."

Pump-and-dump scams are a numbers game, Swidler said. While there are people who might well believe whatever the spam author tells them as to the value of the stock, there are also plenty of people who know what the spammer is up to and just decide to ride along, buying stock and then hoping to ride the increase and then cash out before the stock gets dumped en masse, he said.

To read more about why we click on spam, click here.

The spammers might be long gone by now, in fact. "The stock was up 20 percent [Aug. 7]," Swidler said. "The spammers might have gotten out when they made 10 percent profit."

Postini is also tracking a prolonged virus attack that started July 16 and is still under way. Ninety-nine percent of the activity can be traced to delivery of the Storm worm.

The Storm worm, aka the Peacomm Trojan, initially wreaked havoc via a massive spam e-mail attack in January, and then in February spawned a variant that used instant-messaging platforms to spread.

During the week of April 9, researchers noted the return of the Storm worm, as more than 2 million spam e-mails arrived carrying the latest variant. The initial wave of spam used recent real or fake news headlines to convince users to execute malicious files, while the later Storm surge used e-mail subject lines claiming "Trojan Detected!" or "Worm Activity Detected!"

Postini has seen about 715 million e-mail messages—or about 30 million daily—carrying the Storm worm since this most recent attack began. Thats about 30 times the amount of Storm e-mail messages tracked prior to this particular attack. Now ongoing is a blended attack: instead of attaching the virus as a payload, the e-mail points to a site thats hosting malware, which then gets downloaded to the victims system.

If youre wondering what the spam scam attack and the Storm attack have in common, its the rise of the botnet thats at the bottom of both, Swidler said.

Read here about the new tool Symantic is using to bat botnets.

"[Botnets are a] big reason, if not the primary reason, why spam is up so dramatically," he said. "Its up 51 percent over the beginning of 2007. Since September 2006, the volume has increased 161 percent."

Specifically, botnets are responsible for both sending out the spam e-mail and for sending the viruses that infect systems and make them easy prey for being recruited as bots into bot networks, he said.

Postini thinks it will get worse, given the upcoming holiday season and the traditional spike in people going online to do their holiday shopping, Swidler said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Biggest Pump-and-Dump Scam Ever Spikes Spam 445%
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Search Engines Articles          >>> More By Lisa Vaas
 


x}ks8q8c=mG-9֎my-%L*EB%);'ΗSOx%ɜbK@7Fw?Hpur&56%3E}"Iͽ{#(~p(IFA)v@{iFuۚ8A&pTwd>J`OS{SM)&Ӱ5Y |/[3}BF7\3Ѣb ^Pk$ȁ_MMJGD>֥ȏL׶cշ8>vP ߩUaÙO,}!*{>"e%k4݋ʏIGO(ɀYFz.Qu^Vٮq4]b'*cO^3jb㥨 aP`\9t} ^ G&lw&"ScO$ӡNfI% 0Q#@ڮSVHf̲;o tG ob}uק&[! bS 3MuN_FB?¥05?GуN8CEnOU[۾twyDfrt˜HJo~cns(p}=\'BL}:n/GEӝÌfؖqWth(ݱV*Z]QKrP);?Wcm9NeW4wFs˯ j^~pdv4򺮕CM;;yԼ}  d}+5*%`ZJdz4_S::y\B,=DF n|%rX>,ivdf1{PdXIc/YTU9Df9vNmҹtnotNOn3do̲5<ZMӀ Zvb#?[ V۳5mݻ퓳 iw>vO;}dO't6 +?;VU'_ZUCp=['^=:$~<=kh`cR^9 ?{O2 'SRdt*A|pyA X-t[;WRH }yp#FX*,>Ja͢4-I`ߖIf@w[)@( +:YKS7B3_?}p a4F@Lu&h)5?&FȚb.L22z)mZ—W/(AK/-ڊ5f>]Q4{3Bɽ`g@ɋ BD4?CC0!pl/\~_L.ÓQwWڲ9Q[ kK\M흛ǘ\zLgMM׽~?]vLqJjhX.B2iKB0.pkۛZz_@r /*r[h S2ud8԰1nұ>âxaAgIy|FMk>ktI=DC#ɠ:ڴ\VS4!&-Ѐ 'pbdx: # 0f4LH#wC۠h&rkIO7.[A0? { O`p\&{ xk= `Dy+wKGHb1LTM@#AX]7$>(@+9=PnȲc@|j Jg:;r%Ea1CEاI.B$(ZȻ"!Aly [$t XV0(VF쎄J9mW*lJe wJsvn2V{TKh!+K@fsfd(4{~4 cbB|#'fXr`Y \d+|i)lc ը[6؛ri:|:ioBg< 0uy=[IZ-z'$mLSF0pql0}h7,kSχ +L+f9N)A\_XHL{nlSr`8) 0:|Ch2iM?g[,:L:%qGnz]:0s> k2'yv=g.Q1juϙܑm˹ϕ ߄V 9u# \ă r}͚X 4ؐ9|&B77&7O)wz@aex**#wT4tj~#JCݼ~hé;h{q#%MAw=e河@uXKnuooI8T*ۥa]hk%R:d7Bɶ/^¢xmP2D֑Rkϥò=6PcD62Cin Qy]{8dO17l`(`R5))KaW4E%sXf&`ܱ &P wS~8;[0P!k^GgVu<]|$}r;C6]?C)8y<2M APSt @Iu5烆7@ƅ/k%|c*8tǙgpp0uׅ=% ._8g7i+@oLsCm0 ǖ "~\GM{R^ 0iTW+JIU?I?րH{A2,exY.5mI]v 'YwIS7Ϗ9(gd%d)'HV/굄fjhUUԎjV͎^{}|8=edLQp1< _WϷZfe^:-wA!m^Zds||ujN8elCc>eLZrlxTa+`v*w6Jh)YS!RW dĞee[EtkC鳨 |jsHpDL+ 0RsIl xv@̬[1@j3m94c~('cjZ% XBbk>aL:klCs0X3f~+u08 LBw lܓ@^3_?J} [Lߴ@V1m0=̞̝A-mۨX9)6l P; `EOwDF3۽Dpwԫ0wMOT%0=@" c].g}]٘y֩4>ʐ>hxG2gdY JhUm{\ cw2|]>?/$,Rd#q g@Vf2U+WkU"m=, =X Z=6~ z|IcEihx _(OU?2FRo[TrTS+JJgQ!WvI#'"ZAY_Mkɒ8khs%p B0_\PF.^%R2i$yF(%%Kgo@PlXC=B3tMnio.ZWk26aI3I9` {iO4c3gF*ݔ;YꇪsVR$gI; g?amE:JbI2N=ym5umf`<#ɟ?9qwP7| o>eM+v@lkZpW|L2M: j>e!eO*lWJtX8]HX9H(P+ Yx]!6p), ~?Н :wo&cr?iz%<8W{T ,j~ypՖ~t1}L@IP 4 7=&Y#O2nwK7ms6<-odF4z7.iwOUGJ:7]w9&Q!.﯎XF}9nOM1k0vhRbA 1fF<$FMT!PR2.v3 U/Vs>\zF_j,<9EψaZ4ZGS/q Bf-.3ۿ|CCZΎy,(@RPOh[#ES|b;3^Zhh !:Ua2"(BS.iDOg49ݴ8Sj7 EW%'k'{-:}mF1џ` e܃Ţ.WVz[k'I‐I NAn|p_<Ġc9r 7?%E٦z;7Gdj&ubNL5W"ȶv-{t1݇QLwʩߣt: e~=m1겨vC%L<1GN)gtJēs%=)jښIմg"8I5F4A2 uID? Mt5DPW Hق[W5=ܻ8^]ҽ|s<:RpDD2à{ں&B}XyKOv$Ťb%h4eW:Bzc?<-)tx1 fҮzX,гO5nf}z@Q-gFq?Kmظ2UT(sX6 w{B s?ݡCO6v=ICo6FG2aucJA095~Dϝπ(|@S\$k@" b]_BI{Oz[N Ħ712~1O O=qԱفȓǮCX ?*4lo`zS`[ʅRH3ad<$J6˶wVpN Ϧv_ O%FJ ,Q`mZ؎9%/hvpmU4bZy"N0 So[1΢ Imi|o(o'򽥎xk6) kNW&/6o).wi{\nEaQn(^ hލ|"t(u©KtZ:a8[&?5#,e6RV)&L3+dXZ\T!lr5wtxU5%?|n$ kWqV>L1f#!J^GЙ~`[ECeit kXz̃ : Y:'#e:^8": . 1cvcϨ0b‚o# וȶ@dBtt,8%6 unuFg#/qǗD= 1Qڶ5AGf„ߙM)CXPe\w X %  JzZ|cـbsC]2 R{:k9=ϵlPd(#G &aA$!903czZRh͝Kvݵ3=\Q____5>߯諗wu%bnl'tֽk΀ĭrV8\ʷ9^BaVT`ljNe#E(-\zXI,uH#)YTdM=|M̳GJ $N:ΪlR \XH.Jp WaK<+ FH^%V, 4$ [1l4-Y=B;@.:_Z_mقZFdazOQN5&ꆲlKݲG}i߁T仺1]5IE[j]RIW{7bXe4#w0G.Zʞ T <)SkcBM]$_dSH D )p_tB-hi|[2Y 1u`(Ayšz|%`4<=]Xi{R4w}cK֩6p c'OkBKX#u?Dٳ@iC0@;[4ƅ J6Ax]q/Hl(uҞOd>KZ\v\㥱OG0Ӽ{uq߷aQ1\j۝A zK)oaZJ^ f5> CB";zHVFn~l!@RHD bܷEm?M7;º.])׏wDwCt"G -.W\_.uQ>g(1. G`gɶHtAi hoksۚ[5]oal)v:eL; oìAK` VnLRm*F<\k(o]ت?Jd9e=mƱM/:&{6c~ ܱoE`Ռv(r=Jͼҵ(At5Hk){.:K`?* ^P F"+ly/Ϋ_ꛜ sfnzrMD%R|6 eƿ=h0Woi[yܮkn{TZ9a y/Ll6fb<^iI-=ڶ/h P|F8?-c ՙfxQ񧑼ȪhF̊>t)ۼRrwjp,_BۺجN !(2@44kI/NI&8ǦptьSqD'o>XzO"D"GK)z^&=_}d|M7 5Z^v_ڋK۪_9kuߒ`2Y˶뿓$}%e1k?A1DKb@/]j}Lҋ'0&;Q3]]^h=T60 8~~ʁV?P,V=Y+ ZI8O:$dQ^@x8n g{O{[]Ѥ$ <]Tv{" (V#=tߕx.&"Z(R^q'dPbL4#zȮ@]o^]я TmS_^| _Cb`W0m+`RcWF%3z J 0gCX^qL>0&I=~4Gcu\_QS[?Z/[#rd! `,%7vEahD]bɤ3=^R_V6`xzf.jsh*b4KB-''5}L1E%` Zk^gYJ+Șzaj=! c⭢TAN9-S5RUBI EZk>A5R9}nZbfƆX50Vz^3vX5nVڹ貣q)y,y-Jtk 6fLµA*d 8IVSDc>QU"cmCZ~RQߡ挟ܿWVRer@[ˁUC!?r 9`V=L0lY&rP=@%K.&ڰkbD))o3윶FcˠOkטPħ#5)W'nyVmIz .kx>aDR~V7n kjݗ:ҡ;+q,ᶭMCh% 7-d`(8N!<|dTkVyKb?{rufـjEl~%:td6ɽ:&&sُp\3'&ΐ௅oX{+$ʽOg-̍"uFf!&T) `NNV\unsG@F>;G}m!y;gYFRAh,(:ߩ1u>G6uE)dɃ1T"aKG\vSfU?#7,>1[>B$!ir3?/7W}P)a#{~L- Dô"c)41GJ[!1}ɹgM:vJE< ,iM YC)y) II!5S"`" a9=g3bw Ɇ{8 {k&(?,p֏D {GLƙ;fSٙgӚ $U,@3 "PV: ![C P?5DF·:%_sh8uXg Sa|L?gqxO^F 3+ļf)u n9 :j@ g>򽉑0u 32C´vt\/oB<ⱴP <'<,=7,Xzoj Bh),f,՚RD&u]C !2,S=VJ<{hAuLTn)UHS / (HZ W}O1w t0 c3brLun ZYMCN7AwEN:[<„m[4z?N9??u:7ݫ&*,|i5ۼW6xteAήZf)LlSgµ,"^ûKwE 3@cqq^ L;;O;@)Qe;ʋ qW~4ab ^)o7~_˧VRk!>m?gg:^Z9u.65BA5^[+!QqYmn¸~(hO1u:fdRR `Nj__ל(Y_~NmS>X_;9P~ sC9?/?vmC9CL*/B~N'(_ٮy3>e2>2@\9_^%e^?攟CyNߠo9P~S{3W ?W9sw3~=/=?/9q _s?}?P>G(W}#cn66oۜons/=IR<9k]T$RhK "S^9,r%{'sg+i^WKͮ0TntKL쵆cn-:AbCa/! c|U$X2M&#(R^>Ȧc˼=>w懴Ixմ] &J2˯-cENz9.~QFxdB$h{U26#{"̳1$%Y#/ܻGzʉnS'/\2A<̎3nOArr mv3}^ća^كo ҹj] [;35J쓭? }F`ͼTB$pF;w_a%a/xI?{1 EL=#jhN_i{m M\wƟn ؑ)xT-kZYoZԪ俊{4n`8 "(SDdU:.UJ0XR^9Q(Fuoo*F0njE=u'a0V1;BDO"OӉ;fC$dWeL ,$ŋtaSOp^Wv"H0~Y$P&`!֞.^G$-w `1Ǥi!#lɒ]k"bؖ#[']gM&LH?70e4.TOtxLŒk@̛w.'" I挏ИYCŊvsOFdu#tFČCܝ0ܩMvk<<Tx#0= ug+6a`类ƝZFWK&O^!MvmW3!?gcITCxwd⟒|e'0OqXVf}^$u60H-x _X;}v`&S?Z˹ILEN$~ 6 9F{{P?$y`_GFb+M{Vk*u.w ɰ\,Nd=:q?\W łފjd!vzk2jSo:h}t;4eo-"m,w?cPxUE0H;CfJ,h :"QFAG}F垓gg_5b Gy&3@p+v"مxދ/!ZQy|XT ,sD<>7;33U)ւ_./gwd쥽%}Yq v|.}zxFʫu\N_T~7)B4w^|7(6؆|%OG ϿayH(t&Iw`S)1|j7;?]ٱs9cbV)qdGf̀O(#oݒ\k<>biЄ.Yp穎m,U|JA1Y2~ l|_Oexƪ~Qxh='з57b8Q| Gi!zQ;`kgq?d|;b[p?pM5f2QTĻ )Yj%xd휙99jE '8&U]x[9K@g0mӕh_yq7Uj+_2sEnBVJrX}P?):OOgsZ.^Hv!_,{ QAbVA8u vAѪ N7"60^wKR|@swS a \NX%e܌uF.E]hT4X %**S7 9/ߵS7qݼ®"vyX]A4gXIڙFX<޳s+o=ȉe]g0^϶p2$Ӿ82epCdkZK (Dq] XNǢȖWITR6!;կD?8 cĬ;acXJY2!&ۅ ?O80Ux|-h\}{xvmx0#Ÿrz,ɀa/>$;]r*mb׹Wx/yc|[00jPLP>9+_0$a1*=:`-hw͹!S׆!y0Ǖ2D1F(g,1f=L*@| փ W{څGSE6:|,݈bVS"N$J i-9=O9N*DX6^?rCf *$7@˽ōm]Ag*a?:_h8E8yj3Sq2ī$Y]t+Z_,w5Z݋OG<|;Xyt8y'c*FRqOR|?(>]n3u㎗NypՖ6#EKBݴ;Y B*;wjW񞞽P7w r9F˳?s7*Ѡ,jU z' 4mEgl3W'J^>۽wz"f/ROa6%s|N1VKi+n^ϦO*LΗ㇅ wE&l)vsmb-6C-{&