Monthly Archives: December 2006

Does Pump and Dump Spam Work?

Unfortunately, the short answer is yes. A recent study conducted by Jonathan Zittrain, an Oxford University professor, and Laura Frieder, a Purdue University assistant professor, found that heavy volumes of pump and dump spam significantly increase the trading activity and short-term prices of the illegally touted stocks. Most pump and dump scams use stocks on Pink Sheets listings, which are stocks of companies that do not have to file with the Securities and Exchange Commission. The probability of a heavy trading day for stocks that were actively touted via spam, compared to those that weren’t, jumped from 4% to 70%. The study concludes that spammers typically see a return of 5.79% over a matter of a few days. On the other hand, the people who read the spam and buy the touted stock typically lose 5.5% over the course of two to three days.

To me, the most incredible aspect of the study is that it confirms people actually act on the spam “tips” that show up in their inboxes. In large numbers, no less. That’s mind-blowing! Until end-users stop clicking on links in spam mails, stop buying pump and dump stock and secure their bot-infected PCs, nothing will change for the better.

For any readers who do not know, Pump and Dump works something like this: spammers buy large amounts of penny stocks with relatively low liquidity. They then send massive amounts of spam touting the stocks they hold as “must buys” or something akin. Once the spam recipients start buying the stock and pushing the price up (and they do), the spammers unload their stocks at a profit. This floods the market with a high supply of a stock for which there is no natural demand. The marks who buy the stock are now left holding the bag and lose money when they go to sell.

To see a specimen of Pump and Dump spam, go here.



Rising Trend of Mass Mailer Worm Infections

MX Toolbox blacklist consultants report a significant upward trend in the number of mass mailer worm infections leading to blacklisted mail servers. These infections are spewing third-party spam from legitimate mail servers and landing businesses on email blacklists.

This is a perfect illustration of the symptom-cause paradigm. According to a Sr. Consultant, “When we speak with people who are getting email bounce-backs, they believe that their problem is the blacklist, when in fact it is not. The blacklist issue is usually just a symptom of a deeper problem: open relay, virus/botnet infection, etc.”

Currently, the most common root cause is worm infection. Administrators have to bear in mind that the blacklist problem will continue to occur unless and until the worm or other root cause is fixed. They must also be vigilant, as threats change almost daily.

In the case of a worm infection, administrators have two options: find and remove the worm, which can be next to impossible; or use a better email filtering and security service to keep the bad stuff off of the network and to neutralize any of it that may already be there.

Start-Up Seeks to Charge For Delivery of Commercial Emails…and Cut You In On The Revenue

San Francisco start-up Boxbe wants to bill email marketers and spammers for sending consumers email. The model works like this: consumers set up a free email account and define an approved senders list. Approved senders can email the consumer for free. Anyone else who wants to send the consumer a message will be charged anywhere from $0.03 to $99 (consumers set the price). Here’s the twist: Boxbe will give 75% of the generated revenue to the consumer.

It’s hard to imagine how this will stop spammers (unless everyone switches to Boxbe), but it may change the game for legitimate email marketers.

Backdoor Trojan Rustock Model for 2007 Threats

Security experts warn that attackers in 2007 and beyond will model their malware on the sophisticated 2006 backdoor trojan dubbed Rustock. The trojan uses advanced rootkit technologies to avoid detection and bypass security software.

Rustock buries itself into systems, makes changes to the registry to hide its activities and spews out image spam from hijacked computers. The polymorphic malware can be extremely difficult to find once it is embedded on a system.

Third Word Vulnerability In Nine Days

Microsoft reported yesterday that it was evaluating an as yet unpatched “zero day” Word vulnerability. This is the third Word vulnerability reported in the past nine days. Word 2000, 2002, 2003 and Word Viewer 2003 are all affected by the bug, which if exploited could allow a hacker to take control of a target PC. Microsoft investigators warned that exploit code has already been spotted in the wild.

Mysterious “Rock Phish” Behind Surge in Phishing Attacks

Little is known about Rock Phish, except that the individual or gang is suspected to be the most prominent phishing operation in the world. The group (person???) uses sophisticated social engineering schemes to target US and European financial institutions and is believed to have cost banks more than $100 million to date. It is estimated that 1/3 to 1/2 of all phishing messages are sent by Rock Phish.

The group is also credited with pioneering the use of image spam and single-use domains to get around spam filters and phishing blacklists, respectively. The latest trick is to build new phishing addresses with seldom-used domain extensions (.st, .md, etc.) to bypass phishing filters not programmed to look for URLs with these obscure extensions, something that has been picked up and used by spammers recently as well.
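The filter gap described above can be shown side by side with its fix. The following is an added example, not code from the original post or from any filtering product: a narrow URL extractor that only recognises a short list of familiar extensions (so a .st or .md host is never even extracted, let alone checked), next to a generic extractor that pulls every http(s) URL and then checks the host against a blocklist, routing uncommon extensions for review. The sample messages, the example.* hostnames and the blocklist are all constructed for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages for this example; the hosts are placeholders,
# not real phishing sites.
SAMPLE_MESSAGES = [
    "Please verify your account at http://secure-login.example.com/verify now.",
    "Update your details: http://bank-update.example.st/login",
    "Your statement is ready: https://statements.example.md/view?id=1",
    "Meeting notes attached, no links here.",
]

# The extensions a narrow filter might have been written to recognise.
FAMILIAR_TLDS = ("com", "net", "org", "edu", "gov")

# Narrow pattern, written the way the post describes: a URL is only "seen"
# if its host ends in one of the familiar extensions, so .st or .md hosts
# are never extracted and therefore never checked against a blocklist.
NARROW_URL_RE = re.compile(
    r"https?://[^\s/]+\.(?:" + "|".join(FAMILIAR_TLDS) + r")\b(?:/[^\s]*)?",
    re.IGNORECASE,
)

# Generic pattern: any http(s) URL token, whatever its extension.
GENERIC_URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def narrow_extract(text):
    """URLs the narrow filter would extract (misses obscure extensions)."""
    return NARROW_URL_RE.findall(text)


def generic_extract(text):
    """URLs the hardened filter extracts: every http(s) URL in the text."""
    return GENERIC_URL_RE.findall(text)


def tld_of(url):
    """Last label of the URL's hostname, lower-cased ('' if there is none)."""
    host = urlparse(url).hostname or ""
    return host.rsplit(".", 1)[-1] if "." in host else ""


def classify(text, blocklist, common_tlds=FAMILIAR_TLDS):
    """Hardened check over every extracted URL.

    Returns (blocked, review): URLs whose host (or a parent domain) is on the
    blocklist, and URLs on an uncommon extension that are not blocklisted but
    deserve a closer look. The blocklist is a constructed set of hostnames.
    """
    blocked, review = [], []
    for url in generic_extract(text):
        host = urlparse(url).hostname or ""
        if host in blocklist or any(host.endswith("." + d) for d in blocklist):
            blocked.append(url)
        elif tld_of(url) not in common_tlds:
            review.append(url)
    return blocked, review


def missed_by_narrow_filter(messages):
    """URLs the generic extractor finds that the narrow one does not."""
    missed = []
    for msg in messages:
        seen = set(narrow_extract(msg))
        missed.extend(u for u in generic_extract(msg) if u not in seen)
    return missed


if __name__ == "__main__":
    print("Missed by the narrow filter:", missed_by_narrow_filter(SAMPLE_MESSAGES))
    for msg in SAMPLE_MESSAGES:
        print(classify(msg, {"bank-update.example.st"}))
```

The point of the generic extractor is that extraction and policy are separated: every URL is pulled out first, and only then is a decision made, so a new extension can never make a link invisible to the blocklist check. Flagging uncommon extensions for review, rather than blocking them outright, avoids breaking legitimate mail from those registries.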

As of October 2006, the Anti-Phishing Working Group estimates that there are ~35,000 phishing websites.

Logic Bomb Gets UBS PaineWebber Hacker Eight Years In Prison

Disgruntled former UBS PaineWebber employee Roger Duronio was sentenced to eight years in prison for planting a logic bomb on the company’s network. The hacker bought $23,000 of put options before the logic bomb began deleting files, in the hope that the company stock would go down and he would profit. The stock remained stable despite the attack; Duronio lost his 23 grand, got caught and will now serve eight years in federal prison. Fair enough.

The case has opened a debate surrounding background checks for IT employees in sensitive positions and/or industries. Duronio had a criminal record for assault and burglary dating back to the 1960s (with charges in the 70s and 80s as well). Hiring managers may have to rethink how they screen candidates for sensitive IT positions.

For information on logic bombs, what they do and how they work, go here.


UCLA Hacker Attack Exposes Personal Data of 800,000

The personal data of 800,000 current and former UCLA students, faculty and staff has been compromised by hackers, according to AP reports on Tuesday. Most readers have probably already seen the headline and story, but the incident is worth further discussion because it illustrates what seems to be a new cyber crime tactic: slow, quiet, deliberate action to avoid detection. The attacks on the database began in October 2005 and ended on November 21, 2006. Presumably, the hackers were pulling small amounts of data in an attempt to avoid, or at least delay, detection. There is a parallel with spam methods, where spammers have shifted tactics from pushing massive amounts of spam from a smaller number of bot-infected PCs to pushing smaller amounts of spam from a huge number of bot-infected PCs. The web thugs are not stupid, nor are their tactics static.
