New type of Stock Spam : PDF Stock Spam

Last evening I analyzed a new type of spam, together with Oliver Auerbach.
It has been published immediately on the avira.com website, thanks to Oliver.

Source: http://www.avira.com/en/security_news/new_type_of_stock_spam.html

Content:


Tettnang, Wed, 20 June 2007 – Avira warns about a new type of spam which is currently sent to users within Germany. The spam claims to be a magazine like edition of “German Stock Insider” and is sent in PDF format.

Today Avira captured a new type of stock spam in their trap system which our antispam analysts haven’t seen until now. Stock spam has become more and more popular and made use of various techniques such as: plain text, text inside an image, images with various variations of techniques to prevent OCR (Optical Character Recognition) scanners to identify dubious mails as spam.

The latest trend in this type of spam is now to send PDF documents instead of an image. The fraudsters are counting on the fact that no filter in the world is expecting a PDF document to be a spam. In this case the PDF document comes attached to an email with a body containing only junk text which is used to trick spam filters.

Stock spam is spam that promotes a company’s stock, passing it as a “hot” stock tip. The purpose is not to make you buy a product or service. It usually takes the form of a friendly “advice” on the prospects of a targeted company. This comes along with real price quotes and share buying recommendations due to the prospect of a huge short term profit. These hot tips advertise genuine companies, listed on real stock exchanges around the world. In case the stock increases it’s value artificially the fraudsters will sell their shares with profit.

In this particular case the subject line “Fw: _report.pdf„ of the email even contains the receiver’s name, for example: “Fw: robert_report.pdf„. This spam is counting on human curiosity to open a document which at the first glance seems to be generated for the user receiving the email. Even though the content of the PDF is in English it specifically targets German readers as expressions like “we are expecting our German readers to jump on board” are used.

All documents received in Avira’s traps are identical which means so far without randomizations techniques. Avira Spam-Experts expect to see this new technique to be used more frequently within the next days with slightly different content and various different improved techniques. We strongly advice never to buy any stocks that were advertised by using spam techniques.


© Copyright 2007 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

2 Comments on "New type of Stock Spam : PDF Stock Spam"

  1. A newer type has arrived.
    The old image with anti OCR techniques now in PDF.
    Check on jgc.org for more details.

Comments are closed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close