We?ve seen a bunch of spam messages hit the spam traps today. Each has an mp3 attached, the file is named after one of many popular artists or groups. Fearing a visit from the RIAA I decided to quickly check out the tracks. To my horror, no music was to be had! They are all stock spam!
I?ve been quietly wondering how long it would be before spammers started using audio formats to spamvertise. Well, it seems today is the day. The stock spammers are using attached mp3 files to advertise the stock EXTO.
The messages are quite random, some have multiple mime parts where others have a single mimepart. Most, but not all, have no subject. The mp3 tracks themselves are randomized. The voice is female and multitone, the pitch varies between mp3 and seems to be adjusted throughout the track. The file sizes are also varied.
Neil, SophosLabs AU
Report of 18.10.2007
Elvis fans need to beware of a new departure in stock spam. The MP3 attachment to that email may not be of the King at all. According to security vendor Sophos, they might find themselves listening to a synthesised voice promoting an obscure Canadian penny stock instead. Other "featured artists" include the Beatles and Britney.
The dreary voice on a 29 second specimen of the track (MP3) from Sophos is reminiscent of a Dalek's and the sales pitch is banal and unprofessional. However, although salesmanship may be lacking, this is apparently a serious attempt at stock spamming: Message Labs informed heise Security that they have intercepted some 10 thousand of these messages per hour since they started appearing around 11 pm BST yesterday (17 October). Nevertheless, we suspect this scam is unlikely to fool many recipients.