October 18, 2007 — CIO — A new form of spam that uses MP3 audio files to deliver a stock pitch surged today, rising from virtually nonexistent to 10 percent of all spam traffic, according to several security researchers tracking the phenomenon.
The outbreak is the latest in a string of tactics from the past six months that evade filters by using file formats that are either not generally blocked or difficult for filters to disassemble and search. It started with "image spam," which used picture files to bypass filters. That was followed by spam that used the PDF file format. Now the audio MP3 version of the spam is spreading rapidly.
In each case, the primary use of the spam is for a pump-and-dump stock scheme. The message tries to entice its viewer (or listener) into investing in a penny stock. If enough recipients decide to invest, the price surges, sometimes doubling. The originators of the scheme then dump their shares at the peak price. The tactic was so effective with image spam that the SEC halted trading on many penny stocks to stop the problem.
In the audio version, the user receives an MP3 file that is socially engineered with a name that invites clicking—either because it is a popular band name or because it is a title that seems personal. Some documented titles include: dadsong.MP3, oursong.MP3, weddingsong.MP3, santana.MP3, sayyousayme.MP3, smashingpumpkins.MP3, bbrown.MP3, bspears.MP3, gloriaestefan.MP3, beatles.MP3, answeringmachine.MP3, coolringtone.MP3, listentothis.MP3 and elvis.MP3, according to researchers at Cyberoam, who are tracking the problem. The files range in size from 88KB to 150KB.
When opened, the user hears a synthesized voice pitching the penny stock. The quality is extremely poor. Here's a sample (126KB) from the labs at SecureWorks, which are also tracking the audio spam.
SecureWorks senior security researcher Joe Stewart says his first reaction was that audio spam, while clever, is probably destined for a lower success rate, both because of the poor quality of the audio and because of the amount of end user intervention required. "Who's going to open a stranger's MP3 and listen, and what's the chance they'll repeat that action?" says Stewart. "With visual spam, all you have to do is glance." What's more, in many inboxes the visual is displayed as the message is selected, making it hard to avoid seeing.
