by CIO Staff

Pump-and-Dump Spam Turns Subliminal

Sep 08, 20062 mins

Persistent spammers running pump-and-dump campaigns have resorted to subliminal messages, according to antispam vendor Sophos.

One recent campaign circulated via e-mail contains a GIF animation set to flash “BUY” every 15 seconds, which SophosLabs compares to subliminal advertising and political campaigns.

A SophosLabs official said that while pump-and-dump campaigns account for about 15 percent of spam (up 0.8 percent from January 2005), the use of GIF images in stock market spam has risen almost 17 percent since January (18.2 percent) this year.

SophosLabs senior technology consultant Graham Cluley said the use of animations to circumvent spam filters that identify character recognition is used globally and in multiple languages.

“Animated graphics are being used in image spam campaigns to try and weave past filters which may be attempting optical character recognition to decipher the messages that spammers send,” Cluley said.

“We have seen image spam being used around the world—not just in English, but languages such as Russian and Italian. It’s likely that more spam will use the technique to try and get past gateway filters.

“These messages try to be subliminal, but it is questionable whether it would subconsciously influence armchair investors into buying more stock,” Cluley said.

SophosLabs’ head of technology for Asia Pacific, Paul Ducklin, said pump-and-dump campaigns are used because they use the stock exchange as a legal forum, rather than offering malicious attachments or links, or attempting to gain personal details.

“A spammer could live in Venezuela, selling stocks from Canada via a botnet in Israel to customers in Australia,” he said.

And it’s not that users are gullible. Ducklin said spammers steal professional designs and replace minor details to include the junk bonds and an almost invisible code designed to fool antispam software.

“It’s not difficult to create the flyers; you rip the content from professional marketing campaigns and change the details to match the share you’re selling,” he said.

“The better versions have faded text designed to be difficult to see with a naked eye, but it is enough to fool some conventional spam software.”

-Darren Pauli, Computerworld Today (Australia)

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.