New Flavour of Spam - MP3 Stock Scams

An anonymous reader writes "Spammers are back with a new trick, this time round sending messages with MP3 attachments that contain the latest pump-and-dump stock scams. One sample identified by Sophos was a heavily distorted 30-second MP3 file. A synthetic female voice was used to promote a particular stock. Says Graham Cluley, senior technology consultant at Sophos: 'Although the spammers seem to have a fair bit to learn about machine-generated sales patter, some companies might consider blocking all MP3s in email as a matter of course. So many music files infringe copyright, and it can be hard for a company to establish which ones are legal and which are not after they have arrived. Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing. It also has the benefit of neutralizing this sort of spam at the same time.'"

Flavour

[Anonymous Coward]

I prefer the 'u' in flavour - Hannibal Lector

What's the saying about a fool and his money?

[mcmonkey]

The realize the real victims are the rest of us who suffer the extra traffic on the internet and in our mail boxes, but who is smart enough to check email, play an mp3 file, and have money to lose and yet still be dumb enough to fall for this?

This isn't a scam, it's economic darwinism.

That Spam won't exist for long

[Opportunist]

Unlike pictures or HTML, people don't usually get a lot of MP3s via mail. Companies, like the article said, don't at all. People usually either use FTP or P2P access to get their MP3s illegally or through iTunes or similar services legally. And if they don't know what an MP3 is, they won't see (or hear, in that case) the spam at all, afaik there's no built-in support for MP3 in the various mail programs (and if there is, that's at best a reason NOT to use a certain mail client).

So I'd guess this is a short lived problem.

Why are they really doing it?

[scottsk]

"...it's hard to believe that many internet users will fall for such an amateurish presentation..." Surely not, which leads to the real question of why spammers are doing it. No one who retains their services could be dumb enough to believe this would work. (In fact, the WSJ once built a portfolio of penny stocks that were spam targets, and they didn't even see a "pump" in value, just a decline.) This is an area where I'd like to see some investigative reporting done by a tech savvy reporter who could find out who these spammers are and who bought their services. To waste bandwidth? To distract us from other spam that's smaller but more accurately targeted? Defamation of a company by rivals? Getting into the spam underworld would be risky (one spammer died in a spam turf battle recently) but it would be interesting to know who buys the services of these spammers for these PDF, MP3, image, etc spams and why they're doing it.

No one "falls" for it.

[khasim]

But there is a group of people who THINK that they can ride on the scammer's pump-n-dump scheme and make some money on the up-side of the pump.

These are the people who know it's wrong and don't have the guts themselves to run a stock scam ... but feel okay about trying to make some money off of one.

I didn't say they were very smart.

New setting needed

[gurps_npc]

We need a setting to block all mail that has an attachment that is NOT on your contacts list, with an auto-reply explaining this. They sender would then know to send a normal email first, requesting that you put them on your contact list.

Re:Better idea: block all text in email

[Shakrai]

some companies might consider blocking all text in email as a matter of course

You got +5 funny, but you really deserved +5 insightful.

Seriously. Since when did it become my job as a network admin to "take a proactive stance against illegal file sharing". As long as my users aren't bogging down my network I DON'T CARE WHAT THEY ARE DOING. If they are doing something illegal then I would assume that law enforcement will catch up to them sooner or later.

Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing

Yes, cuz e-mail has displaced P2P/bittorrent as the preferred method for sharing songs and warez. Give me a fucking break! I would suspect that less then one percent of copyright infringement (as it relates to music) takes part over e-mail.

Re:New setting needed

[T-Bone-T]

They sender would then know

that the address works and will then sell it to other spammers, thus vastly increasing the amount of spam you receive. Real smart.

Got a bunch today

[GoRK]

I got three or four of these today. I think they will be a pretty short lived trend for a couple of reasons:

You can't understand it. Think a million times worse than Max Headroom on a cell phone. It's so noisy and distorted that you can barely make out that it is a female voice much less interpret the stock symbol she is attempting to SPELL! I have a nice noise canceling headset for my phone and still have to use the phonetic alphabet to spell things on the phone. How do they expect this to work?

They are huge. Mine passed my spam filter simply because I've never had a spam bigger than 100KB, so I haven't ever bothered to filter them. I guess things like the Storm botnet are changing the limits of this, but still, 100KB is 10-100 times the amount of data vs a normal spam that you have to send out to plaster your message onto everyone's inbox.

The real take-home message here is that while there is quite a lot of mention about how the spammers are 'having to get innovative' the reality is that they are having to get desperate. There is no innovation in sending a unique audio message to somebody via email. But when they have to bypass all existing spam filters in addition to having to resort to sending out huge, uniquely distorted audio files to get their message across they are definitely feeling cornered.