Symantec analysts said the video stream linked to these spam messages is about 30 seconds long, and they described the quality as “very impressive,” with crisp resolution and clear sound.
An example posted on the Symantec Security Response blog promotes stock for Wave Uranium Holding, a western U.S. mining concern. According to Symantec, the video mimics a legitimate TV or online media commercial for the company. When it finishes playing, the video stream redirects to a legitimate-looking newsletter that uses the name of a professional financial analyst and provides more details on the stock symbol.
Pump-and-dump stock scams have accounted in recent years for a significant percentage – some estimates are as high as 20 percent of the total – of spam messages. Spammers acquire stock, most often “penny stocks” (selling for less than $1 per share and not trading on major exchanges), before sending the messages and then sell them quickly after the messages are sent.
According to Symantec, the use of high-quality video streams is the latest in a series of upgrades to the traditional email penny-stock spam, which deploys JPEGs embedded in the email message, followed by URLs that are redirected to other JPEGs. In recent months, there also has been a surge in pump-and-dump messages utilizing PDFs and MP3 files formats, Symantec said.
Last month, security researchers and law enforcement authorities traced a huge stock spam bombardment to a network of Russian hackers said to control a botnet encompassing up to 70,000 zombie computers seeded with the SpamThru trojan. Also in November, approximately 250,000 computer users were victimized by a stock spam pop-up seeded with the notorious Storm Worm trojan.