New Spam Advances with MP3 File Attachments

As e-mail users get more wary and anti-spam tools get more sophisticated, spammers find new mediums to channel their unwanted messages to users' inboxes while bypassing filter programs. According to a recent development, spam mails are being sent with MP3 file attachments. Security vendor MXSweep reported that such spam makes up to 7-10% of total spam mails being dispatched.

The attachments have names like oursong.mp3, elvis.mp3, coolringtone.mp3 or smashingpumpkins.mp3 that sound rather harmless. They also have disappointing payloads such as a voice recorder that talk highly of some company stock virtues. This makes it a new form of pump and dump stock spam. Also, the size of the message is much bigger than the conventional and even bigger than the recent image and PDF spams. The messages range between 85 KB and 147 KB on average.

For majority part, the messages often have empty contents with subject lines saying just 'Re:' or 'Fwd:' or specifying the attached file's name.

MXSweep's Founder and Chief Technology Officer, Danny Jenkins, alerted that spammers were innovating ever new techniques to penetrate anti-spam solutions. Vnunet published this in news on October 30, 2007. As they increasingly advance their methods of attack, conventional Bayesian and keyboard filters become unable to effectively block the spam messages, thus becoming weak in the global effort to combat spam, Jenkins further added.

Most of the organizations are already preventing audio files or have little problem in implementing the policies relating to the prevention of audio files that arrive via e-mail into users' inboxes, Jenkins continued.

Albeit these spam mails make up to 8% of the current e-mail traffic, they use as a much as 55% of the bandwidth which results in an enormous cost for businesses, he said.

Just some months back, PDF spam comprised of almost 20% of the total image-based spam mails and now that figure has drastically dropped to below 1%, according to Proofpoint, the company for e-mail security. Image spam has itself dropped to 2.23% of the entire spam by September end this year (2007).

SecurityPark.net recommends the administrators to deploy anti-spam techniques to the maximum possible extent and keep low false positives to clean out MP3 spam.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 11/20/2007