Last evening I analyzed a new type of spam, together with Oliver Auerbach.
It was published immediately on the avira.com website, thanks to Oliver.
Source: http://www.avira.com/en/security_news/new_type_of_stock_spam.html
Content:
Tettnang, Wed, 20 June 2007 – Avira warns about a new type of spam which is currently sent to users within Germany. The spam claims to be a magazine-like edition of “German Stock Insider” and is sent in PDF format.
Today Avira captured a new type of stock spam in their trap system which our antispam analysts haven’t seen until now. Stock spam has become more and more popular and has made use of various techniques such as plain text, text inside an image, and images with variations of techniques that prevent OCR (Optical Character Recognition) scanners from identifying dubious mails as spam.
The latest trend in this type of spam is now to send PDF documents instead of an image. The fraudsters are counting on the fact that no filter in the world is expecting a PDF document to be spam. In this case the PDF document comes attached to an email with a body containing only junk text which is used to trick spam filters.
Stock spam is spam that promotes a company’s stock, passing it off as a “hot” stock tip. The purpose is not to make you buy a product or service. It usually takes the form of friendly “advice” on the prospects of a targeted company. This comes along with real price quotes and share buying recommendations based on the prospect of a huge short-term profit. These hot tips advertise genuine companies, listed on real stock exchanges around the world. If the stock’s value increases artificially, the fraudsters will sell their shares at a profit.
In this particular case the subject line “Fw: _report.pdf” of the email even contains the receiver’s name, for example: “Fw: robert_report.pdf”. This spam is counting on human curiosity to open a document which at first glance seems to be generated for the user receiving the email. Even though the content of the PDF is in English, it specifically targets German readers, as expressions like “we are expecting our German readers to jump on board” are used.
All documents received in Avira’s traps are identical, which means that so far no randomization techniques are in use. Avira Spam-Experts expect this new technique to be used more frequently within the next days with slightly different content and various improved techniques. We strongly advise never to buy any stocks that were advertised by using spam techniques.
© Copyright 2007 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
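The traits listed in the advisory (a PDF attachment, a “Fw: robert_report.pdf” style subject carrying the receiver’s name, and identical documents across samples) can be checked mechanically. The following Python sketch is an added example, not Avira’s filter or code from the original post; the function names, the sample addresses and the rule of matching the subject name against tokens of the recipient’s local part are assumptions made for illustration.

```python
import email, hashlib, re
from email import policy
from email.message import EmailMessage

# Subject shape quoted in the advisory: "Fw: robert_report.pdf"
SUBJECT_RE = re.compile(r"^\s*fw:\s*(?P<name>[^\s_@]+)_report\.pdf\s*$", re.I)

def pdf_attachments(msg):
    """Bytes of each attachment that is a PDF by MIME type, file name or magic."""
    out = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if (part.get_content_type() == "application/pdf"
                or name.endswith(".pdf") or data.startswith(b"%PDF-")):
            out.append(data)
    return out

def classify(raw, known_digests=frozenset()):
    """Score one raw RFC 5322 message against the traits the advisory lists."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    digests = sorted(hashlib.sha256(d).hexdigest() for d in pdf_attachments(msg))
    m = SUBJECT_RE.match(str(msg["Subject"] or ""))
    tokens = set()  # pieces of each recipient local part (assumed matching rule)
    for hdr in ("To", "Cc"):
        for addr in (msg[hdr].addresses if msg[hdr] else ()):
            tokens.update(re.split(r"[._+-]", addr.username.lower()))
    return {
        "pdf_attachment": bool(digests),
        "personalised_subject": bool(m) and m["name"].lower() in tokens,
        "known_pdf": any(d in known_digests for d in digests),
        "digests": digests,
    }

def build_sample(to, subject, pdf_bytes):
    """Constructed test message: junk text body plus one PDF attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.net", to, subject
    msg.set_content("lorem quartz window ipsum seventeen harbor")
    msg.add_attachment(pdf_bytes, maintype="application", subtype="pdf",
                       filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    first = classify(build_sample("robert@example.de", "Fw: robert_report.pdf",
                                  b"%PDF-1.4 constructed sample A"))
    varied = classify(build_sample("robert@example.de", "Fw: robert_report.pdf",
                                   b"%PDF-1.4 constructed sample B"), set(first["digests"]))
    print(first, varied, sep="\n")
```

An exact digest match catches the identical copies seen so far, while the subject and attachment checks still fire once the document bytes start to vary.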
It also showed up here:
http://www.forbes.com/fdc/welcome_mjx.shtml
A newer type has arrived.
The old image with anti-OCR techniques, now in PDF.
Check on jgc.org for more details.