A spam email circulating the globe has been identified as an attempt to inflate share prices by encouraging recipients to buy shares in a little-known website company that sells new and used motor vehicles.
|A screenshot of the MP3 file which claims to be an Elvis song.|
“Hello, this is an investor alert,” says the MP3 file.
“Exit Only Incorporated has announced it is ready to launch its new text4cars.com website, already a huge success in Canada, we are expecting amazing results in the USA.
“Go read the news and sit on EXTO. That symbol again is EXTO. Thank you.”
According to Sophos, the voice is manipulated to avoid detection by anti-spam filters.
“Users may click on the MP3 file expecting to hear Elvis, but they’ll be all shook up when they discover it’s actually a voice resembling Marvin the Paranoid Android droning on about a stock that is set to be the next big thing,” said Sophos senior technology consultant, Graham Cluley.
“The spammers are already likely to have purchased stock on the cheap, and they are now trying to artificially inflate its price by encouraging others to purchase more. Once the stock rises, they’ll quickly sell up, leaving the duped investors crying in the chapel. Thankfully though, it’s hard to believe that many internet users will fall for such an amateurish presentation of an ‘investor alert’.”
Sophos says companies should consider policing the types of files which enter their networks via email.
“Although the spammers seem to have quite a fair bit to learn about machine-generated sales patter, some companies might consider blocking all MP3s in email as a matter of course,” said Cluley.
“So many music files infringe copyright, and it can be hard for a company to establish which ones are legal and which aren’t after they’ve arrived. Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing. It also has the benefit of neutralising this sort of spam at the same time.”
Experts at Sophos report that ‘pump-and-dump’ stock campaigns account for approximately 25 per cent of all reported spam, which is up from 0.8 per cent in January 2005.