Has 'Pump-and-Dump' Spam Been Dumped?By Brian Prince | Posted 2007-06-27 Email Print
Security vendors disagree on whether there has been a dramatic drop-off in "pump-and-dump" spam.
E-mail and Internet content security provider Marshal on June 26 announced that "pump-and-dump" spam has dropped significantly, though not all security vendors agree.
Marshal researchers say stock spam now represents five percent of all spam as compared with 50 percent in February. During the past quarter, the amount of pump-and-dump spam, a type of financial fraud involving the artificial inflation of a stock's price so it can be sold at a higher value, has averaged around 30 percent of all spam messages.
However, in the past four weeks, the Marshal Threat Research and Content Engineering team saw the volume of stock spam drop to 5.1 percent, the lowest point it has seen in 10 months.
Bradley Anstis, director of product management at Hampshire, England-based Marshal, could not offer an answer as to why stock spam has declined, but listed improvements in spam filtering technology, law enforcement operations, and the overuse of stock spam leading to declining returns for spammers as possible reasons.
However, security officials at Sophos are not so quick to declare any drop-off. Sophos put the amount of pump-and-dump spam at 25 percent, a figure Graham Cluley, a senior technology consultant at Sophos, in Abingdon, England, said has not fluctuated much recently.
"It's interesting that another vendor is claiming that pump-and-dump has dropped so dramatically," Cluley said, speculating that Marshal may be looking at a smaller sample of spam or not identifying new techniques spammers are using to distribute pump-and-dump spam.
"Anti-spam producers have worked hard to fight this image spam and as a result some scammers are now putting their stock-pumping message into attachments such as PDFs, which some anti-spam products may have a hard time reading," Cluley said.
However, Anstis noted his company has observed a rise in PDF spam, including a recent stock spam outbreak in Germany widely reported by Sophos and others.
"While many users are savvy and can spot a financial scam, there is the elusive dreameasy money," Anstis said. "Fast wealth, living high with little effort, retire young and wealthy that's why people are still falling victims to the Nigeria scams and overseas lottery tickets."
Earlier this year, the U.S. Securities and Exchange Commission suspended trading of more than 30 companies targeted by pump-and-dump spam.
"It was a minor inconvenience for the pump-and-dumpers who simply found other stocks to manipulate," Cluley said, adding scammers are now targeting stocks outside the SEC's jurisdiction. "So, the rumors of pump-and-dump's death have been greatly exaggerated. The scams are likely to continue, and people need to learn that there is no such thing as a free lunch."
Meanwhile, Anstis said other types of spam are growing in prevalence. So-called "Piggyback" spam, which contains not only typical product advertising messages but also a URL link to a malicious executable file, is on the rise, he said.
"What is new and unusual about including URL links within spam, is that the link is not integral to the main message but is inserted in odd places to trick the recipient into downloading and executing a file," he said. "We're also noticing an increase in 'linked image' spam, where an image is retrieved from the Web rather than being attached to the messageto get around image-scanning technology at the e-mail gateway."
Spam related to health products such as weight-loss pills and performance-enhancing drugs continues to be the No. 1 spam category, accounting for nearly one-half of all spam the first half of this year, Anstis said.