Elvis and the Beatles probably never could have imagined they would one day be used to commit stock fraud.
But that is exactly what is happening, as spammers have taken to using MP3 attachments in e-mails named after recording artists as part of a pump-and-dump stock scam. Most of the e-mails have no subject name; others, however, appear to be named after the artist the MP3 file is named after, according to several security vendors.
When recipients click on the attachment, a voice relays a message promoting stock for a particular company. According to Commtouch, as of the afternoon of Oct. 18, no viral threats had been identified in these messages. The outbreak began Oct. 17 and accounted for around 7 to 10 percent of all spam globally over the ensuing 18 hours, officials at the Sunnyvale, Calif., security vendor said.
MessageLabs researchers had a lower estimate and stated that the ongoing campaign has accounted for 1.25 percent of all spam since it began.
“We can say with confidence that its being sent from IP addresses that we know to be also infected with Storm Trojan, so it would be safe to suggest that the Storm botnet has been used for this,” said Paul Wood, a security analyst at MessageLabs.
“Interestingly, other Storm messages typically used just the [email protected] format in the From address. They also spoof names like “Hunter S. Thompson” using a middle initial … and some just use the [email protected] format. This use of the middle initial was previously a trait more typical of another botnet, perhaps Warezov or SpamThru,” Wood said.
Several security experts noted that it is difficult for a computer to quickly analyze an audio file and judge it to be spam.
Click here to read about how the Storm worm botnet is replicating itself.
“Its easy to catch in a broad way, if you just want to block MP3 attachments,” said SecureWorks security researcher Joe Stewart. “However, telling the difference between a spam MP3 attachment and, say, a voice-mail MP3 [sent by some legitimate service] is harder.”
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.