Internet security firms are reporting a new trend in the “pump-and-dump” spam world — e-mails containing MP3 advertisements.
McAfee Avert Labs reported the phenomenon yesterday. “The spammed MP3 attachments promote a company enjoying huge success in Canada and expecting amazing results in the USA,” wrote McAfee’s Vinoo Thomas “These audio files are of very poor quality and one has to literally strain one’s ears to hear what’s being announced.”
The MP3 ads were encoded using the free LAME 3.97 and sound awful.
McAfee provided a list of filenames — take a look:
“In the last year or so we have seen multiple file types being used in spam runs in an attempt to subvert traditional anti-spam detection techniques. From plain text to ASCII art, image spam, DOC, FDF, PDF, RAR, and XLS,” Thomas wrote. “Thinking out of the box has given stunning results for these creative spammers.”
This doesn’t come as a surprise to industry pros.
“MP3 spam is a natural progression from PDF and Excel spam whereby spammers are exploiting a new file format to be able to send spam.” said David Vella, director of product management for GFI software. “This is their latest attempt to evade anti-spam filters. There is also a social engineering aspect to this tactic because people frequently share MP3 files.”