Security Response

MP3 Version of Pump-and-Dump Stock Spam

Created: 18 Oct 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:45:27 GMT
Jitender Sarda

Pump-and-dump stock spam is a classic example of the sophistication and diversity of spam techniques. Recently the pump-and-dump spammers have started using mp3 files as a new method of spreading stock spam.

In the latest observations we've seen an mp3 file as an attachment in the body of an email message – without any content – and the subject line usually includes "RE:", "FW:", or is sometimes just blank. The "From:" address is usually random. Another feature of this new pump-and-dump stock attack is that the mp3 files have random names, such as the following examples:

"ciara.mp3"
"elvis.mp3"
"crazylady.mp3"
"chrisbrown.mp3"
"jillscott.mp3"
"crush.mp3"

The average file size is approximately 63.3 kb, with the garbled stock tip lasting for about 30 seconds. The audio content sounds something like the example below:

Hello, this is an Investor alert. XXXX Inc. has announced it is ready to launch its new XXXX.com Web site. Already a huge success in Canada, we are expecting amazing result in USA. Go read the news and hit on XXXX that Symbol get it XXXX Thank you

The spam emails look something like this:

From: [REMOVED]

To: [REMOVED]

Subject: (Re: | FW: )

Date: Thu, 17 Oct 2007 09:35:47 +0530

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0003_01C8116A.436A61B0"

Content-Type: audio/mpeg; name="jillscott.mp3"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; name="jillscott.mp3"
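
The traits described above (a blank or bare "RE:"/"FW:" subject, no body text, and a single small audio/mpeg attachment) can be checked together at a mail gateway. The following Python is an added example, not code from the original post; the function names, the 150 KB size ceiling and the test message builder are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Blank subject, or nothing but reply/forward prefixes ("RE:", "FW:").
BARE_SUBJECT = re.compile(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)*$", re.IGNORECASE)
MAX_MP3_BYTES = 150 * 1024  # assumed ceiling; the post reports ~63.3 kb on average

def mp3_spam_traits(raw: bytes) -> set:
    """Return which of the traits described in the post this message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    traits = set()
    if BARE_SUBJECT.match(str(msg.get("Subject", ""))):
        traits.add("bare_subject")
    mp3_sizes, other_parts, has_text = [], 0, False
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # get_filename() falls back to the Content-Type name= parameter.
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "audio/mpeg" or name.endswith(".mp3"):
            mp3_sizes.append(len(payload))
        elif part.get_content_maintype() == "text":
            has_text = has_text or bool(payload.strip())
        else:
            other_parts += 1
    if len(mp3_sizes) == 1 and other_parts == 0:
        traits.add("lone_mp3_attachment")
        if mp3_sizes[0] <= MAX_MP3_BYTES:
            traits.add("small_mp3")
    if not has_text:
        traits.add("empty_body")
    return traits

def is_candidate(raw: bytes) -> bool:
    """Require all four traits; each one alone is common in legitimate mail."""
    return len(mp3_spam_traits(raw)) == 4

def constructed_message(subject: str, body: str, mp3_len: int) -> bytes:
    """Build a test message (constructed sample, not captured spam)."""
    m = EmailMessage()
    m["From"], m["To"] = "a@example.invalid", "b@example.invalid"
    m["Subject"] = subject
    if body:
        m.set_content(body)
    m.add_attachment(b"\x00" * mp3_len, maintype="audio", subtype="mpeg",
                     filename="sample.mp3")
    return m.as_bytes()
```

Because the file names and "From:" addresses are random, the check relies on message structure rather than on any name or sender list.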

As always, be wary of any unsolicited email that you have received. You should always be sure that you know the sender(s) of each email that you receive, and also be sure that you have at least a vague idea of what and why the sender is emailing you. Often the best course of action for unsolicited spam is to delete it immediately upon receipt.