A massive spam blast that started Tuesday is still in progress and shows no sign of abating, a security company said.
"The scale of this stock pump-and-dump spam campaign is like nothing we've seen before," said Graham Cluley, a senior technology consultant at Sophos PLC.
Similar to countless other e-mail campaigns in both delivery method and intent -- the message arrives as a Portable Document Format (PDF) file and baits the scam by touting quick money to be made on an up-and-coming, if completely unknown, stock.
It's the size of the spike that separates this from every other spam run, reported Sophos. The campaign, which first appeared in German users' in-boxes Tuesday around 11:40 a.m. EDT, has boosted the amount of spam Sophos is trapping at customers' gateways by 30 percent and more. Although the volume peaked in the first two hours Tuesday, it remains very high Wednesday, added Mark Harris, the director of SophosLabs, in a posting to the team's blog Wednesday.
PDFs as spam are not new; neither are pump-and-dump schemes where scammers tout shares of a lightly-traded company. The fraudsters, who have already bought shares of the firm in question, flood users with spam to get others to buy in. If enough do, the share price goes up, and the scammers sell their holdings. The duped recipients are left holding the bag when the price later plunges.
The target in this spam run is Prime Time Group, a Fort Lauderdale, Florida-based company that owns and operates convenience stores in Missouri and Puerto Rico, as well as wireless product shops in the Caribbean region. "There is nothing to suggest that the company in question [has] anything to do with this campaign," said Harris, who also noted that the price of Prime Time Group's shares has climbed 60 percent since Friday. "Recently, the company announced plans to open two new [wireless] stores in Puerto Rico," said Harris. "It is this news that seems to have attracted the attention of the spammers."
Sophos' researchers, as others have before them, linked large malware attacks of late to increases in unsolicited commercial e-mail in general -- and to this major campaign specifically. The attacks, in which malicious code piggybacks on e-mail posing as electronic greeting cards, precede the spam and target unprotected or unpatched PCs that are hijacked and added to the hacker's botnet. Those compromised computers -- called "zombies" in the vernacular -- are next instructed to send the pump-and-dump spam.
"We will be watching closely to see if another campaign starts later today," said Harris.