Storm gang spammers pump up volume with major spoken scam slam

Storm botnet delivers MP3 attachments that read pump-and-dump pitch

Spammers started delivering spoken messages mid-week in the newest twist on the ongoing pump-and-dump scam, several security researchers said.

According to analysts, the spam is coming from the individual or gang responsible for the Storm Trojan, and is being sent from a piece of the Storm-built botnet that was recently split off from the core group of compromised computers.

Around 5:30 p.m. (EDT) Wednesday, security vendors, including SecureWorks and MessageLabs began noticing a wave of spam using MP3 audio file attachments to dupe recipients into investing in a penny stock. The spam run was still in operation as of noon (EDT) Thursday, said Paul Wood, an analyst at MessageLabs, with the volume holding steady at about 10,000 messages per hour. "It's been going on now for about 18 hours," said Wood. "That's pretty unusual."

Analysis done by Sophos, another U.K.-based security company, reported that the spam often lacks subjects or even text in the body of the messages. Instead, the spammers pin their hopes on the MP3 filenames, which purport to be tunes from singers as wildly different as Fergie, Elvis and Carrie Underwood. The MP3s are of poor quality -- encoded as 16Kbit/sec. audio -- and feature a synthesized female voice reading the pump-and-dump pitch.

"Hello, this is an investor alert," the voice says. "Exit Only Incorporated has announced it is ready to launch its new Web site, already a huge success in Canada; we are expecting amazing results in the USA. Go read the news and [obscured] on EXTO. That symbol again is EXTO. Thank you."

In a classic pump-and-dump, criminals tout shares of one or more lightly traded companies as hot and ready to climb. The fraudsters, however, have already bought shares, and spam their shills to get others to buy in. If enough do, the price goes up, and the scammers sell. The dupes are left holding the bag when the price later plunges.

"They've given the synthesized voice slightly different parameters so it speaks faster or slower to make the file sizes different," said Joe Stewart, senior security researcher at SecureWorks. "Sometimes when it gets to the end of the talk, it repeats part of it to try to make it harder for filters to catch."

Both Wood and Stewart said that the spam is the first to actually use audio. Although other campaigns have included attachments that posed as MP3s, they were actually image files, Wood said. But whether the spoken word is as effective as text in convincing people to buy dubious stocks remains to be seen. "I wouldn't think it would [be], but we'll have to wait to see if the stock actually goes up," said Stewart.

The pitch delivered by the robotic voice is for Exit Only, a company listed on Pink Sheets, which runs a Web-based sales operation for new and used vehicles. As of 1 p.m. EDT, Exit Only shares were up 1 cent, or 2.5 percent, to 41 cents.

Stewart was certain that the spam originated with Storm's maker or makers. "The stock being pumped is the same one we saw the botnet send as text [spam] yesterday," he said. "The samples I have came from the botnet secured with the 40-byte encryption," he added, referring to a subset of the 200,000-plus PC botnet built by the Trojan Horse. Earlier this week, Stewart and other security professionals said that the addition of encryption to the newest Storm variant indicates that the hackers are getting ready to sell off parts of their collection, and are using the command-and-control traffic encryption to splinter the botnet into smaller, more salable chunks.

Spammers are constantly changing tactics to stay ahead of spam blockers and gateway filters, Wood said. Already this year, scammers have used image files, PDFs and Microsoft Excel spreadsheets to deliver their spiels. "What may be a success for them one week may fail the next," Wood said. In fact, based on past practice, Wood said he could predict the next move. "When they used image spam, they eventually put it on a Web site, using a free hosting service, and then used links to draw people there," he said. "The next logical step here is perhaps hosting the multimedia content online."

Tallies made by Commtouch, a security company, peg the new talking spam as accounting for between 7 percent and 10 percent of all spam sent worldwide in the past 18 hours.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?