Once again spammers are seeking to benefit from fluctuations in the turbulent financial markets, most notably by sending large volumes of spam relating to certain “pink sheets” stocks in an attempt to “pump” the value of these stocks before “dumping” them at a profit.
This is one of the findings of the August 2011 Symantec Intelligence Report, which now combines research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report.
In a pump-and-dump stock scam, spammers promote certain stocks in order to inflate the price as much as possible so that they may then be sold before their valuation crashes back to reality. The spam for these scams tries to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket. Most of these claims are either misleading or false.
A successful pump-and-dump spam campaign will artificially drive up the price of the stock to a point where the scammers decide to sell their shares. This usually coincides with them ending the spam campaign, which in turn reduces the interest in the stock, helping to drive its valuation back to the original low price.
“Scammers can make substantial profits in a matter of days with a well-executed pump-and-dump spam. In the current turbulent environment many people may be convinced to invest in stocks that the scammers claim will benefit from the market turbulence,” says Paul Wood, senior intelligence analyst at Symantec.cloud.
Further analysis also revealed that there were as many new boot-time malware threats targeting the master boot record (MBR) in the first seven months of 2011 as there were in the previous three years. An MBR is an area of the hard disk (usually the first sector) used by a computer to perform startup operations. It is one of the first things to be read and executed by the computer hardware when a computer is powered on, even before the operating system itself.
“MBR infections offer great scope for deep infection and control of computers, which makes the idea attractive to malware creators. Contemporary MBR infection methods are a fairly complex affair usually executed by highly skilled individuals,” Wood says.
Analysis also reveals that, while global spam levels were lower in August than in the previous month, phishing activity increased, with many of the increases coming from attacks related to major brand names, such as Apple’s iDisk service and a variety of Brazilian companies and services, including social networking and financial brand names.
Report highlights include:
* Spam: In August 2011, the global ratio of spam in email traffic declined to 75.9 percent (1 in 1.32 emails), a decrease of 1.9 percentage points when compared with July 2011. Spam accounted for 74.0 percent of email traffic in South Africa.
* Phishing: In August, phishing email activity increased by 0.01 percentage points since July 2011; one in 319.3 emails (0.313 percent) comprised some form of phishing attack. In South Africa, the rate of emails blocked as phishing fell to one in 256.9.
* Email-borne threats: The global ratio of email-borne viruses in email traffic was one in 203.3 emails (0.49 percent) in August, an increase of 0.14 percentage points since July 2011. Even though emails containing malicious content dropped to one in 160.7, South Africa’s rate of virus-infected email is the fifth-highest in the world.
* Web-based malware threats: In August, Symantec Intelligence identified an average of 3,441 Web sites each day harboring malware and other potentially unwanted programs, including spyware and adware, a decrease of 49.4 percent since July 2011.
* Endpoint Threats: The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit, a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions. Variants of the Ramnit worm accounted for 15.8 percent of all malicious software blocked by endpoint protection technology in August.