New Flavour of Spam - MP3 Stock Scams

Posted by Zonk on Thu Oct 18, 2007 02:14 PM
from the tastes-just-terrible dept.
An anonymous reader writes "Spammers are back with a new trick, this time round sending messages with MP3 attachments that contain the latest pump-and-dump stock scams. One sample identified by Sophos was a heavily distorted 30-second MP3 file. A synthetic female voice was used to promote a particular stock. Says Graham Cluley, senior technology consultant at Sophos: 'Although the spammers seem to have a fair bit to learn about machine-generated sales patter, some companies might consider blocking all MP3s in email as a matter of course. So many music files infringe copyright, and it can be hard for a company to establish which ones are legal and which are not after they have arrived. Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing. It also has the benefit of neutralizing this sort of spam at the same time.'"
  • by SpiffyMarc (590301) on Thursday October 18 2007, @02:32PM (#21030087)
    Let's not get hasty. Some of us rely on those daily pump-n'-dump stock scams to support our families.

    Won't you think of the shady day-traders?
  • by Sub Zero 992 (947972) on Thursday October 18 2007, @02:35PM (#21030113)
    Although the spammers seem to have a fair bit to learn about machine-generated sales patter, some companies might consider blocking all text in email as a matter of course. So many text files infringe intellectual property and patented business methods, and it can be hard for a company to establish which words are legal and which lemmas are not after they have arrived. Blocking all letters, or at least the letters J-M and all the vowels until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal and/or infringing message sharing. It also has the benefit of neutralizing most spam at the same time.
    • ....some companies might consider blocking all text in email as a matter of course........

      We can all go back to handwritten letters and slide rules--- well maybe adding machines are OK. Who needs all this newfangled computer stuff. The plain old phones work well for those who can't wait for the mailman. We get lots of paper junk mail also, but at least we get a little heat from that when it is consumed in our wood stove.
    • Re: (Score:3, Insightful)

      some companies might consider blocking all text in email as a matter of course

      You got +5 funny, but you really deserved +5 insightful.

      Seriously. Since when did it become my job as a network admin to "take a proactive stance against illegal file sharing". As long as my users aren't bogging down my network I DON'T CARE WHAT THEY ARE DOING. If they are doing something illegal then I would assume that law enforcement will catch up to them sooner or later.

      Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing

      Yes, cuz e-mail has displaced P2P/bittorrent as the preferred method for sharing songs and warez. Give me a fucking break!

    • No need to block the letters. Just block all 4-letter words. That will keep stock symbols from appearing. As a bonus, it will neutralize most swear words, making email "safe" for children and christians.

      And the best part: the solution doesn't sound like contrived RIAA propaganda. I mean, really. Who ever heard of mp3 files that infringe copyrights?
      • by Torvaun (1040898) on Thursday October 18 2007, @03:46PM (#21031335)

        No need to block the letters. Just block all 4-letter words. That will keep stock symbols from appearing. As a bonus, it will neutralize most swear words, making email "safe" for children and christians.

        And the best part: the solution doesn't sound like contrived RIAA propaganda. I mean, really. Who ever heard of mp3 files that infringe copyrights?
        Turns into:

        No to block the letters. block all 4-letter words. stock symbols appearing. As a bonus, it neutralize swear words, making email "" for children and christians.

        And the: the solution doesn't sound contrived propaganda. I, really. Who heard of mp3 files infringe copyrights?
        Now it matches the spam I get grammatically...
  • So, who thinks the RIAA is behind this?
  • by MightyYar (622222) on Thursday October 18 2007, @02:38PM (#21030161)
    I hate when a certain file type gets blocked. Just today I had to rename my exe files so that I could send them in gmail... even though they were zipped! Yes, gmail actually looked inside my zip file to see if there were any exe files...

    So of course, now the instructions to use my script have to include renaming exe files after unzipping.
  • by Starteck81 (917280) on Thursday October 18 2007, @02:39PM (#21030173)
    ... sound so rich you can almost see the pink and taste the meat.
  • by mcmonkey (96054) on Thursday October 18 2007, @02:39PM (#21030177) Homepage
    I realize the real victims are the rest of us who suffer the extra traffic on the internet and in our mail boxes, but who is smart enough to check email, play an mp3 file, and have money to lose and yet still be dumb enough to fall for this?

    This isn't a scam, it's economic darwinism.
    • Ahhh, but poor people tend to have MORE kids.

      It is in smart people's best interest to make sure that stupid people are as rich as possible.
  • by Opportunist (166417) on Thursday October 18 2007, @02:42PM (#21030233)
    Unlike pictures or HTML, people don't usually get a lot of MP3s via mail. Companies, like the article said, don't at all. People usually either use FTP or P2P access to get their MP3s illegally or through iTunes or similar services legally. And if they don't know what an MP3 is, they won't see (or hear, in that case) the spam at all, afaik there's no built-in support for MP3 in the various mail programs (and if there is, that's at best a reason NOT to use a certain mail client).

    So I'd guess this is a short lived problem.
    • Re: (Score:3, Interesting)

      Yea I wondered why I got an MP3 in my email this morning. I thought it was probably some new buffer exploit that I hadn't heard of yet. Dang I wish I had listened to it now.
    • I just checked. Lotus Notes does support MP3s. I don't know if they use the codec from the OS or if they implement their own, but when you say to view the file, it opens a new tab and plays the MP3.

      Why you would think that supporting file types would mean that you should not use an application is baffling.
  • Are they pumping Aperture Science stock?
  • If they'd just block any e-mail with headings containing "penis" and "enlarge" half my spam would go away. I think I can survive losing the odd e-mail a friend sent me about how he enlarged his penis.
  • I thought the 419 stuff was lame. I'm amazed that anyone would actually invest in a stock based on a spam message. Is the pool of idiots with investment dollars actually big enough to allow the spammers to make money?
    • by khasim (1285) <brandioch.conner@gmail.com> on Thursday October 18 2007, @02:51PM (#21030353)
      But there is a group of people who THINK that they can ride on the scammer's pump-n-dump scheme and make some money on the up-side of the pump.

      These are the people who know it's wrong and don't have the guts themselves to run a stock scam ... but feel okay about trying to make some money off of one.

      I didn't say they were very smart.
        • by jonbryce (703250) on Thursday October 18 2007, @05:05PM (#21032477) Homepage
          They pick small caps where there is very little active trade, and it can take weeks / months to sell the stock.

          They buy a load of them at the normal price over a period of time, then sell them at an inflated price to the people they spam. By the time they send out the spam, the price has gone up, and it is already too late to profit from the upside.
    • I'm amazed that anyone would actually invest in a stock based on a spam message.

      But it's so cheap! I can buy 100,000 shares!!! When it goes up just a dollar, I'll be RICH! /sarcasm

      Is the pool of idiots with investment dollars actually big enough

      History has shown that the pool of stupid people with money is bottomless. In fact, we can all take turns once in a while. You want to be next? :)
  • Maybe sometimes it is better that Linux doesn't have such a great market share.

  • by scottsk (781208) on Thursday October 18 2007, @02:47PM (#21030305) Homepage
    "...it's hard to believe that many internet users will fall for such an amateurish presentation..." Surely not, which leads to the real question of why spammers are doing it. No one who retains their services could be dumb enough to believe this would work. (In fact, the WSJ once built a portfolio of penny stocks that were spam targets, and they didn't even see a "pump" in value, just a decline.) This is an area where I'd like to see some investigative reporting done by a tech savvy reporter who could find out who these spammers are and who bought their services. To waste bandwidth? To distract us from other spam that's smaller but more accurately targeted? Defamation of a company by rivals? Getting into the spam underworld would be risky (one spammer died in a spam turf battle recently) but it would be interesting to know who buys the services of these spammers for these PDF, MP3, image, etc spams and why they're doing it.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      In fact, the WSJ once built a portfolio of penny stocks that were spam targets, and they didn't even see a "pump" in value, just a decline.

      According to some analysts, that is in fact the intention. The Spam is not meant to artificially inflate the price for a short time, but rather to depreciate the stock. Not so much to ruin the target company, but rather because the spammers can short the stock and make a bit of money on the short-term depreciation.

      I'm not sure if it's true or not... but I must admit

      • by larry bagina (561269) on Thursday October 18 2007, @03:24PM (#21030925) Journal

        Not this shit again...

        You can't short a penny stock.

        Here's a dumbed down guide to how shorting works:

        1. You borrow stock from someone else
        2. You sell it
        3. ???
        4. Profit! (buy it back at a lower price and return the shares)

        If you want to borrow a NYSE/NASDAQ stock, your broker will be happy to help (they charge interest and take the shares from another person's account). But if you ask about borrowing a penny stock, they'll tell you to fuck off.

  • I had never received one of these .mp3 spams. Until I read this story. The very next email I received was, sure enough, an .mp3 pump-and-dump.

    At least, that's what I assumed. The filename was gloriaestefan.mp3 but I didn't listen (duh), so I can't be certain.
  • VOIP? (Score:5, Interesting)

    by Anonymous Coward on Thursday October 18 2007, @02:50PM (#21030325)
    Well hold on there, I've got a nice new shiny VOIP line at home, guess how the answering service works? That's right, MP3s in my email...
  • I cannot find more details...

    Maybe there's more to this than meets the eye? WinAmp (still widespread) has had multiple arbitrary code execution vulnerabilities in the past, through ID3 tags, the mp3 stream itself, etc. I wouldn't be surprised if someone found similar things in iTunes or Windows Media Player as well.

    Are those mp3s sound recordings only?
  • by JK_the_Slacker (1175625) on Thursday October 18 2007, @02:56PM (#21030433) Homepage
    ... is how they'll manage to misspell the words in an mp3?
  • by brundlefly (189430) on Thursday October 18 2007, @02:57PM (#21030451)
    Strap on your tinfoil hats, gents. The RIAA stoops to a new low... poisoning the well for all of us who love to email terabytes of illegal MP3s to our co-workers.
  • Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing.

    Ya, sounds like a huge problem facing companies today. Tech journalism rocks sometimes.

  • New setting needed (Score:3, Insightful)

    by gurps_npc (621217) on Thursday October 18 2007, @03:00PM (#21030521)
    We need a setting to block all mail that has an attachment that is NOT on your contacts list, with an auto-reply explaining this. The sender would then know to send a normal email first, requesting that you put them on your contact list.
    • Re: (Score:3, Insightful)

      The sender would then know
      that the address works and will then sell it to other spammers, thus vastly increasing the amount of spam you receive. Real smart.
  • It was pushing some uranium-mining company in Canada or something. No real contact info on it. Lord knows how I got on that list - probably one of the e-merchants I bought laptop parts off of in the last few weeks.
  • If only they would use actual copyrighted MP3s when sending their spam*. I'd love to see the eventual RIAA-spammer fight. No matter who loses, we'd win.


    *I could actually see this happening, if spammers start luring in users by harvesting random MP3s found on botnets and appending their audio spam to the end of the file.
  • Ok, you know that ramen noodle commercial where we see this hawt japanese chick bobbing her head up and down, slurping on something that's just below the bottom of the screen, we all think it's wang but we then see it's an instant ramen cup? Just imagine if it wasn't ramen and the symbol of the stock in question was written on her forehead. Five minutes of knob-slobbing action, brought to you by the fine folks at ABC Corp. Spam this out to a hundred million people and just see the results you'll get!

    Wow, that spam plan is so evil, I think the Russian mafia is coming to kill me.
  • It's a pretty dubious practice to determine legality and spaminess of content by file type. I am sure it will not take spammers long to send wav, wma or aac promotions instead. In the meantime, file sharers can trade mp3.bz2 files. Already we have to send .zippy attachments to each other here because all zip files are blocked as virus carriers.
  • Besides the fact that such attachments are easy to identify and block, like the image spam became, the problem for spammers is the reduced rate of return. The bigger the attachments they send out, including PDFs and Excel spreadsheets, which have taken over for image spam lately, the fewer they can send out with whatever bandwidth they've managed to steal with their botnets.

    This reduces their rate of return on the spam, and encourages them to try to find ways to minimize the size of the spam so it can get th
  • Got one (Score:4, Funny)

    by HTH NE1 (675604) on Thursday October 18 2007, @03:18PM (#21030855)
    I received one of these, except instead of a stock spam, it was some annoying woman repeating over and over, "What the fuck do you think you're doing?"
  • Got a bunch today (Score:3, Insightful)

    by GoRK (10018) <johnl&blurbco,com> on Thursday October 18 2007, @05:57PM (#21033141) Homepage Journal
    I got three or four of these today. I think they will be a pretty short lived trend for a couple of reasons:

    You can't understand it. Think a million times worse than Max Headroom on a cell phone. It's so noisy and distorted that you can barely make out that it is a female voice much less interpret the stock symbol she is attempting to SPELL! I have a nice noise canceling headset for my phone and still have to use the phonetic alphabet to spell things on the phone. How do they expect this to work?

    They are huge. Mine passed my spam filter simply because I've never had a spam bigger than 100KB, so I haven't ever bothered to filter them. I guess things like the Storm botnet are changing the limits of this, but still, 100KB is 10-100 times the amount of data vs a normal spam that you have to send out to plaster your message onto everyone's inbox.

    The real take-home message here is that while there is quite a lot of mention about how the spammers are 'having to get innovative' the reality is that they are having to get desperate. There is no innovation in sending a unique audio message to somebody via email. But when they have to bypass all existing spam filters in addition to having to resort to sending out huge, uniquely distorted audio files to get their message across they are definitely feeling cornered.
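
Added example, not part of any comment above and not code from Sophos or any mail product: a Python sketch of the two filtering gaps raised in this thread, a scanner that skips messages above a size cutoff (the 100KB case in the last comment) and attachment rules keyed on file name or declared type. The function names, the sample message, and the quarantine/deliver verdicts are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def looks_like_mp3(data: bytes) -> bool:
    """Sniff content rather than trusting the filename or declared MIME type."""
    if data[:3] == b"ID3":                      # ID3v2 tag at the start of the file
        return True
    # MPEG audio frame sync: 11 set bits, then a layer field other than 00.
    # Two bytes is a weak signal, which is why the action is quarantine, not delete.
    return (len(data) >= 2 and data[0] == 0xFF
            and (data[1] & 0xE0) == 0xE0 and (data[1] & 0x06) != 0)

def audio_attachments(raw: bytes):
    """Return (filename, declared_type, size) for parts that are audio by content, type or name."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        if looks_like_mp3(body) or ctype.startswith("audio/") or name.lower().endswith(".mp3"):
            hits.append((name, ctype, len(body)))
    return hits

def classify(raw: bytes, size_cutoff=None) -> str:
    """size_cutoff mimics a filter that skips large messages; None scans everything."""
    if size_cutoff is not None and len(raw) > size_cutoff:
        return "deliver"            # never inspected: the gap a large MP3 spam passes through
    return "quarantine" if audio_attachments(raw) else "deliver"

def sample_message(attach=True, size=120 * 1024) -> bytes:
    """Constructed test message; the attachment hides behind a neutral name and type."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached\n")
    if attach:
        msg.add_attachment(b"ID3\x03\x00\x00" + bytes(size), maintype="application",
                           subtype="octet-stream", filename="report.dat")
    return msg.as_bytes()

if __name__ == "__main__":
    raw = sample_message()
    print(len(raw), classify(raw, size_cutoff=100 * 1024), classify(raw))
```
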