Hackers Use New Pump-and-Dump Spam Method
The spam trackers at Symantec are informing that the unrelenting long forgotten pump-and-dump spam or the penny stock format has resurfaced yet again and has had a perceptible influence on the existing spam trends.
As per Symantec as well as other investigators, the usage of the picture-based spam format implemented by spammers in the past few years while trying to conceal their e-mail text from anti-spam content filters has decreased considerably during the year 2007, probably due to the fact that majority of these filters have been updated to detect this surreptitious practice. The firm alleges that it has detected over 990,000 of these strikes within the last few days.
The pump-and-dump spam is not original phenomenon, but this method appears to contribute greatly in declining the picture and attachment spam. The once popular image spam has fallen from a high of 52% of the total spam flow in January, with the attachment/PDF spam falling from a 20% peak in the start of August to below 1% spam traffic presently.
Symantec's anti-abuse engineering Director, Doug Bowers, alleged that it is common knowledge that these spammers are always striving to make a fast buck by attempting to boost up value of these penny stocks, reported DMNEWS.com on 26 September 2007.
Greatly obscure spams are used by these current pump-and-dump trends with certain typical characteristics such as no subject line in message headers but instead in the content of the message. Besides these, pump-and-dump spams are dispatched to indiscriminate e-mail addresses present in an alphabetical order in the message content. The heading in the body is accompanied by the penny stock being pushed. The strike's html displays another twist by introducing the value of stock symbol in "mailto:" pattern in a spot generally earmarked for URLs.
According to the reports of InfoWorld.com on 25 September 2007, Kelly Conley, a Manager in the Security Response team at Symantec, posted on the firm's blog that hackers might be using this novel technique of obscured e-mails in order to lure users to open the message by solely relying on the inquisitiveness of an user to open the cryptic content.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 15-10-2007