
Notes from the site administrators: 'It's a buy!', coming from a botnet near you.

Posted by: Tim Pushman on 19 November 2006
[19/11/06] - The recent wave of 'pump-n-dump' stock scam emails has been particularly difficult to filter out of the system.

Since about July of 2006, there has been a slow but steady increase of spam on the Internet. Some sources put the figure at an increase of about 35% in the period from July to October. Towards the end of October, though, there was a sudden increase in spam, and spam of a particular kind. It contained no web links, contained no email addresses and came from a 'real' computer. It simply enthused about a potential hot pick of a company stock and looked, as far as a spam filter was concerned, just like a normal email.

In fact, it was a normal email, in the sense that it had been sent out through regular channels from a normal computer. It bears a strong similarity to dozens of emails you might receive, praising a local football team, or the latest film. This normality makes it hard to detect.

Through September a Windows trojan called SpamThru has been making the rounds. SpamThru has been quite well behaved: it doesn't crash the host, it provides its own version of Kaspersky anti-virus to detect competing trojans and viruses, and it sends out email to a limited number of email addresses.

A recent article on eWeek.com gives a lot of good background on how the botnets work. Given the income that a successful pump-n-dump scam can generate, there are plenty of resources for setting up sophisticated networks with name servers, centralised email lists and downloadable templates. Some of the more recent emails contain an image with the company's details in it, each gif image being slightly different from the others in a random way, so that even a sample email cannot be used as a template for trapping other copies of the email.
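As an added example (not part of the original post, and not any product's filter), the Python below turns the signals described above into a small rule-based scorer: a ticker-like symbol in the body, stock-promotion vocabulary, the absence of any link or address that a block-list could key on, and a pitch carried mostly in an image attachment. The phrase list, the ticker pattern, the weights and the two sample messages are all constructed for this demo and are assumptions, not data from the post.

```python
import re
from email import message_from_string, policy

# Vocabulary typical of stock-promotion mail; the list and weights are assumptions
# for this demo, not tuned on real traffic.
PROMO_PHRASES = ("strong buy", "target price", "hot pick", "explode",
                 "penny stock", "microcap", "trading alert", "get in before")
# A ticker either follows an exchange label ("OTC: ABCD") or stands alone as a
# 4-5 letter upper-case token; the stand-alone form is noisy, hence a score not a rule.
TICKER_RE = re.compile(r"\b(?i:otc(?:bb)?|pk|symbol)\s*:\s*([A-Z]{3,5})\b|\b([A-Z]{4,5})\b")
URL_RE = re.compile(r"https?://|www\.|@[\w.-]+\.\w{2,}", re.I)
STOPWORDS = {"MIME", "HTML", "ASAP", "FYI"}  # upper-case tokens that are not tickers


def extract_features(raw_message):
    """Parse an RFC 822 message and pull out the signals the post describes."""
    msg = message_from_string(raw_message, policy=policy.default)
    text_parts, image_parts = [], 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("text/"):
            text_parts.append(part.get_content())
        elif ctype.startswith("image/"):
            image_parts += 1
    body = "\n".join(text_parts)
    lowered = body.lower()
    tickers = {a or b for a, b in TICKER_RE.findall(body)} - STOPWORDS
    return {
        "tickers": sorted(tickers),
        "promo_hits": sum(p in lowered for p in PROMO_PHRASES),
        "has_link_or_address": bool(URL_RE.search(body)),
        "image_parts": image_parts,
        "text_chars": len(body.strip()),
    }


def score(features):
    """Additive heuristic score; each weight is an illustrative assumption."""
    s = 2 if features["tickers"] else 0
    s += min(features["promo_hits"], 3)
    if not features["has_link_or_address"]:
        s += 1          # nothing for a URL or address block-list to catch
    if features["image_parts"] and features["text_chars"] < 400:
        s += 2          # the pitch is in an image, with little text around it
    return s


def is_pump_and_dump(raw_message, threshold=4):
    return score(extract_features(raw_message)) >= threshold


# Constructed sample messages (invented ticker and company; a 1x1 GIF as the image).
PUMP_MSG = """\
From: friend@example.net
To: you@example.org
Subject: Hot pick for Monday
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

XYZQ is about to explode! Strong buy, target price $2.50.
Get in before the big news hits Monday.
--b1
Content-Type: image/gif
Content-Transfer-Encoding: base64

R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==
--b1--
"""

HAM_MSG = """\
From: friend@example.net
To: you@example.org
Subject: Saturday
Content-Type: text/plain

Did you see the match on Saturday? Our lads finally won away from home.
Same pub as usual next week?
"""

if __name__ == "__main__":
    for name, raw in (("pump", PUMP_MSG), ("ham", HAM_MSG)):
        f = extract_features(raw)
        print(name, score(f), is_pump_and_dump(raw), f)
```

The football message scores 1 (it also has no link, which is why absence of a link is only a weak signal on its own), while the constructed stock pitch scores 8. Randomising the GIF bytes per copy, as the post describes, defeats exact-match signatures on the image but does nothing against features drawn from the surrounding text and message structure, which is where a filter for this class of mail has to look.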

The companies that get pumped are often innocent of any involvement. They just happen to be penny stocks (or microcaps) that are picked on by the botnets, the owners of which have purchased a lot of shares and wait for the right time to dump them, usually after a day or two. A typical share can rise ten-fold before collapsing. Those that come later of course lose everything.

Possibly the only way that spam is going to decrease is as Microsoft's Vista operating system becomes more prevalent, though that will obviously take a long time, maybe a year or two. Vista is promised to have far stronger security than Windows XP or earlier variants, although what Microsoft means by 'stronger security' remains to be tested in the marketplace.

More information at:
Wikipedia
CIO Tech Informer
VirusList for another viewpoint.