
Spam has been taken to a whole new level with MP3 attachments that are named after celebrity artists and carry audio for a pump-and-dump stock scam. Many of the emails have no subject, or they appear to bear the name of the artist whose name is also used in the attached MP3 file.
When recipients click on the attachment, a voice relays a message promoting stock for a particular company. According to Commtouch, as of the afternoon of Oct. 18, no viral threats had been identified in these messages. The outbreak began Oct. 17 and accounted for around 7 to 10 percent of all spam globally over the ensuing 18 hours, officials at the Sunnyvale, Calif., security vendor said.
MessageLabs researchers had a lower estimate and stated that the ongoing campaign has accounted for 1.25 percent of all spam since it began.
"We can say with confidence that it's being sent from IP addresses that we know to be also infected with Storm Trojan, so it would be safe to suggest that the Storm botnet has been used for this," said Paul Wood, a security analyst at MessageLabs.
"Interestingly, other Storm messages typically used just the name@domain format in the 'From' address. They also spoof names like 'Hunter S. Thompson' using a middle initial … and some just use the name@domain format. This use of the middle initial was previously a trait more typical of another botnet, perhaps Warezov or SpamThru," Wood said.
Several security experts noted that it is difficult for a computer to quickly analyze an audio file and judge it to be spam.
"It's easy to catch in a broad way, if you just want to block MP3 attachments," said SecureWorks security researcher Joe Stewart. "However, telling the difference between a spam MP3 attachment and, say, a voice-mail MP3 [sent by some legitimate service] is harder."