Symantec Blogs: Security Response

Jitender Sarda | December 24th, 2007

Penny stock spammers have started using a high definition video file format to promote stock symbols. As we come up to the end of the year, spammers have moved quickly on using video formats for spamming with pump-and-dump stock symbols. Traditionally in penny stock spam, JPEG images were embedded in the email, followed by URLs that were redirected to other JPEG images. This year we have witnessed huge rounds of PDF and MP3 file formats to promote stock symbols.

Penny stock spammers have also used legitimate video commercials (TV and online media commercials) and clippings of professional financial news reports or programs. Often there are conversations between the host and the guest star "professional financial analyst," discussing the company’s strategies and financial prospects. The following are a couple of sample messages of the penny stock spam email:

Date: Fri, 07 Dec 2007 03:21:59 -0500
From: [REMOVED]
To: [REMOVED]
Subject: Catch...

Jitender Sarda | December 4th, 2007

'Tis the season of exchanging greetings, what with Thanksgiving and Xmas rounding out the year's end. Unfortunately, malicious code writers are on the job trying to exploit these occasions by sending out mass spam email greeting cards with attractive and fancy links that serve the purpose of downloading malicious files to a victim's computer.

These eCards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the eCards, which have underlying tricks to try and infect the computer. With the Xmas bells starting to ring, here is the first incidence where Xmas eCards have started doing the rounds. The URL included in the eCards attempts to download the "sos385.tmp" file, which is a downloader.

In this particular sample below, the "From:" header alias is displaying an eCard from a well known company; however, it is of course a spoofed header. The spammer has also deliberately inserted the text "(no...

Jitender Sarda | November 28th, 2007

Malicious code writers have always used popular Web brand names to spread malicious code through spam vectors, and these days the YouTube brand name is popping up more and more. However, the spoofed URL in this latest scam redirects visitors to dynamic domain names with seemingly unusual top level domains (TLDs), such as .li, .ch, and .es. Last month, spammers used the YouTube brand name in an attempt to spread spam regarding male enhancement pills and get-rich-quick schemes.

The email looks harmless enough, because the "From" header is spoofed to appear as if it's coming from "YouTube Service", which helps it to look like a legitimate invitation. The video's description is enticing and seems innocuous, inviting potential victims to open a shared video file, which is a fake YouTube link. Here is a sample of one of these scam emails:

From: "YouTube Service" service@youtube.com
To: [REMOVED]
Bcc: [...

Jitender Sarda | November 1st, 2007

Imagine Google’s search engine being exploited for sending spam URLs. Unbelievable? Believe it!

Google is one of the most widely used search engines on the Web today. To make life easier, it supports a few advanced query words which narrow the scope of a search to a great extent. It appears that spammers have found a way to exploit this facility to direct the end user to a URL advertising their products or services, using Google’s advanced search operators.

Recently, we came across a few offer spam emails which had the following URL in them:
http://www.google.com/search?hl=en&q=inurl:replica%20intext:%22Perfect+cheap+replica+watches+online.%22&btnI=

At first glance, it appeared to be a "Google search results" link and we were expecting it to take us to the search results page. However, when...

Jitender Sarda | October 17th, 2007

Pump-and-dump stock spam is a classic example of the sophistication and diversity of spam techniques. Recently the pump-and-dump spammers have started using MP3 files as a new method of spreading stock spam.

In the latest observations we’ve seen an MP3 file as an attachment in the body of an email message, without any content, and the subject line usually includes “RE:”, “FW:”, or is sometimes just blank. The “From:” address is usually random. Another feature of this new pump-and-dump stock attack is that the MP3 files have random names, such as the following examples:

"ciara.mp3"
"elvis.mp3"
"crazylady.mp3"
"chrisbrown.mp3"
"jillscott.mp3"
"crush.mp3"

The average file size is approximately 63.3 KB, with the garbled stock tip lasting for about 30 seconds. The audio content sounds something like the example below:

Hello, this is an Investor alert. XXXX Inc. has announced it is ready to launch its...