Image spam has been around for a longtime and peaked in January 2007 when Symantec estimated that image spam accounted for nearly 52 percent of all spam. Pump-and-dump image stock spam made up a significant portion of that 52 percent. Image spam has been in hibernation mode for a long time until recently when Symantec detected a significant increase in these attacks from our global Intelligence network.
Between June 20 and June 23, 52.25 percent of spam messages contained an image, compared to just 2.23 percent between June 13 and June 19. As with the last wave of image spam, image stock spam made up a significant portion of image spam messages.
Figure 1. Significant increase in image spam
Pump-and-dump image stock spam’s main problem stems from how it can cause financial loss to the email recipient. It can also put a strain on email infrastructures, due to a large message size, that could prevent end users from receiving legitimate email.
We have observed the following “Subject:” headers from this image stock spam attack:
- Subject: Another Big Report this Monday at the open!
- Subject: We've Just Come Across Something Huge!
- Subject: Financial News: Our New Stock Alert!
- Subject: Daily Stocks Tips
- Subject: This stock will go nuts today
- Subject: [REMOVED] Newsdesk - This is the next big stock play
We have seen the following images used by the spammer in this image stock spam attack:
Figure 2. Image stock spam sample
Figure 3. Image stock spam sample
Figure 4. Image stock spam sample
Figure 5. Image stock spam sample
This also leads into another side effect from image stock spam. Not surprisingly, the share price for the stock being promoted in this image stock spam attack has increased by 21.58 percent between June 19 and June 23.
Figure 6. Share price between June 19 and June 23
We will continue to monitor this spam attack and create additional filters to protect our customers.