
Spam Alert: Pump & dumpers devise new tricks. By John Stokdyk

10th Nov 2006

Psssst! Have you heard about Cana Petroleum yet?

"Trey Mcmahon" wrote me an upbeat email recently to let me know that the oil company's share price was set to shoot up on the back of a huge publicity campaign. But then I also got emails from Stella, Gonzalo, Bridgette, Irma, Suzanne, Lloyd, Tracie etc etc...

Coincidentally, The Guardian published an article by Danny Bradbury explaining how these pump & dump spam mails were becoming the most prevalent form of online scam. The emails are generated by PCs infected via trojan horse programs that surreptitiously control the affected machines to dispatch spam. The thinking goes that if you send out enough emails puffing a particular share, enough people will buy the share to increase its price, so the spammers can offload their holdings for a profit.

The article touched on some interesting points:

  • Spammers are getting more technically sophisticated in order to stay one step ahead of counter-measures. Instead of using identifiable online email servers to dispatch their junk messages, spammers create networks of mailbots ("botnets") to send small batches of emails that evade detection by anti-spam monitors.
  • Like any other direct mail operators, the spammers are targeting high net worth individuals with the messages.

AccountingWEB's own technology support team confirmed the Guardian's estimates about the remarkable volume of spam. "The load on our servers is pretty high - around 90% of what we get is spam," reported our tech honcho. "We just don't have time to cope with it all and are having to consider going to an outside provider."

One recommendation from the anti-spam monitoring group TQM3 is for internet service providers to block port 25 on client systems. This is commonly used as the route for spam emails. If you have a router with a built-in firewall, the Guardian article explains how you can check whether your machine is being used as a mailbot by turning on your report log, blocking port 25 and seeing if any network traffic is intercepted.

AccountingWEB's security adviser Stewart Twynham reckoned that net users and their ISPs could be doing more to combat the flood of spam. "Blocking port 25 is easy to do - there is no need for a home user to be sending emails directly from their PC to the outside world. They should be using the email servers (relays) provided by their ISP.

"The ISP should then be monitoring email traffic volumes - people don't normally send 50,000 emails a day, so it should be easy to spot."

For further information on how "botnets" are created and controlled, Twynham recommends reading The strange tale of the denial of service attacks against GRC.com. The denial of service attack is now an unfashionable form of net nuisance, and not as profitable as pump and dump spam. But as Twynham explained, "The same principles are used in communicating with botnets for spam."
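One way to read the router log once port 25 is blocked, as an added example that is not from the original article: a mail client talking to the ISP's relay on port 25 is intercepted too, so the script separates that expected traffic from hosts trying to deliver mail directly to many different servers. The iptables-style log format, the `SMTP-OUT` log prefix, the relay address and the function names are assumptions, and the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample: iptables-style lines from a rule that logs and drops
# outbound TCP port 25. All addresses are documentation ranges.
SAMPLE_LOG = """\
Nov 10 09:14:02 router kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=49152 DPT=25 SYN
Nov 10 09:14:02 router kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.77 PROTO=TCP SPT=49153 DPT=25 SYN
Nov 10 09:14:03 router kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.90 PROTO=TCP SPT=49154 DPT=25 SYN
Nov 10 09:15:40 router kernel: SMTP-OUT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=192.0.2.25 PROTO=TCP SPT=51000 DPT=25 SYN
Nov 10 09:16:11 router kernel: WEB-OUT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.8 PROTO=TCP SPT=51001 DPT=80 SYN
Nov 10 09:17:00 router kernel: garbled line without fields
"""
ISP_RELAYS = {"192.0.2.25"}  # assumed address of the ISP's mail relay

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def smtp_attempts(lines):
    """Yield (src, dst) for each logged TCP connection attempt to port 25."""
    for line in lines:
        f = dict(FIELD.findall(line))
        if (f.get("PROTO") == "TCP" and f.get("DPT") == "25"
                and "SRC" in f and "DST" in f):
            yield f["SRC"], f["DST"]


def find_mailbot_suspects(lines, relays=ISP_RELAYS, min_destinations=2):
    """Return {host: sorted non-relay destinations} for hosts that tried to
    deliver mail directly to at least min_destinations distinct servers."""
    direct = defaultdict(set)
    for src, dst in smtp_attempts(lines):
        if dst not in relays:  # mail handed to the ISP relay is expected
            direct[src].add(dst)
    return {h: sorted(d) for h, d in direct.items()
            if len(d) >= min_destinations}


if __name__ == "__main__":
    suspects = find_mailbot_suspects(SAMPLE_LOG.splitlines())
    for host, dests in suspects.items():
        print(f"{host}: direct SMTP to {len(dests)} servers: {', '.join(dests)}")
```

A host listed here should be taken off the network and scanned; a host that only ever appears with the relay as destination is a normal mail client that needs its outgoing server settings checked against the ISP's instructions.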

    Replies (1)

    By User deleted
    11th Nov 2006 08:32

    Wikipedia - Latest virus medium ...
    Ouch !!

    http://it.slashdot.org/article.pl?sid=06/11/05/183240

    The danger is that the same principles can also apply to YouTube, Facebook, Bebo etc. unless the hosts screen all uploads, which is an immense task.
