Reseller News

Spammers up the stakes, attack MP3s

The emergence of MP3 spam in October shows how creative spammers have become, according to security and storage vendor Symantec.

New deployment systems by spammers are causing more headaches for local companies, says Symantec senior systems engineer Rogan Mallon.

“Pump and dump stock spam has been the major type of spam observed by Symantec for some time now. So it comes as no surprise when we came across a small-scale attack where MP3 files were used to promote specific stocks. The average size of the MP3 files was approximately 63.3 KB, with the garbled stock tip lasting for about 30 seconds.”

Organisations should block any MP3 downloads as they are not a legitimate use of business time, says Mallon, but adds PDF spam files are more of a problem.

“PDF files are constantly used, so it can be difficult to determine if they are legitimate or not. The best solution is to employ good anti-spam catchers, because clicking on spam PDFs can launch malware and bot files onto your PC.”

Another common trick is spam that manipulates Google links and embedded URLs.

“This type of user-intervention spam, where you have to physically click, is a last ditch effort by spammers because most spam is image based. A good idea is to turn the HTML-enabled function off in your email system, so you only receive text,” says Mallon.

Symantec says regional spam trends for the Asia Pacific region showed financial spam had the largest share at 33 percent. This figure is contrasted by a global percentage of only 14 percent for financial spam. The adult and fraud categories also differ significantly from global percentages. Adult spam makes up 2 percent compared with 7 percent globally, while fraud makes up 1 percent that compares with 7 percent globally.

Mallon says the adult spam difference comes down to New Zealanders being generally more conservative. Product spam took a large regional chunk at 29 percent