The e-mails often contain no subject line or message body but have attached to them an MP3 file typically named after a popular music artist. Some of the filenames used include hurricanechris.mp3, allforone.mp3, carrieunderwood.mp3, elvis.mp3, baby.mp3, fergie.mp3, and bbrown.mp3.
The spam is a short, 30-second MP3 file recorded at low bit-rate with a synthetic female voice promoting a particular stock; the voice is heavily distorted to avoid signature-based anti-spam approaches. Spammers are taking advantage of the fact that the MP3 format is one of the most common in use today and that most anti-spam solutions do not handle attachments very well because they do not actually analyze the attachment content.
"MP3 spam is a natural progression from PDF and Excel spam whereby spammers are exploiting a new file format to be able to send spam. This is their latest attempt to evade anti-spam filters. There is also a social engineering aspect to this tactic because people frequently share MP3 files," David Vella, Director of Product Management for GFI Software, said.
The voice on the MP3 file says the following:
Hello, this is an investor alert
Exit Only Incorporated has announced it is ready to launch its new text4cars.com Web site, already a huge success in Canada, we are expecting amazing results in the USA.
Go read the news and sit on EXTO. That symbol again is EXTO. Thank you
Some of the MP3 files repeat the message twice, rather than once.
"The spammers are already likely to have purchased stock on the cheap, and they are now trying to artificially inflate its price by encouraging others to purchase more. Once the stock rises, they'll quickly sell up, leaving the duped investors crying in the chapel. Thankfully though, it's hard to believe that many internet users will fall for such an amateurish presentation of an 'investor alert'," said Graham Cluley, senior technology consultant for Sophos.
Experts believe that firms should consider policing the types of file which come into their networks via e-mail. To address the MP3 spam threat administrators need to deploy as many anti-spam techniques as possible while at the same time maintaining a very low level of false positives. Additionally, administrators can block attachments or place restrictions on allowable sizes to weed out unwanted material.
Cluley continued, "Users may click on the MP3 file expecting to hear Elvis, but they'll be all shook up when they discover it's actually a voice resembling Marvin the Paranoid Android droning on about a stock that is set to be the next big thing."
