Spammers, hoping to score thousands of dollars after ditching the stock they've flimflammed targets into purchasing, are inundating email boxes with one of the largest pump-and-dump scams in history.
The attack likely has been spawned from another larger virus blitz that has been in the works since July, which has already been called the largest blended assault on end-users in two years — the ultimate goal being the expansion of the "Storm Worm" botnet.
After the pump-and-dump attack was launched from the Storm botnet between Aug. 7 and 9, Postini researchers saw the volume of spam rise to an average of 53 percent of all email in one day, with peak loads as much as 175 percent above normal, said Adam Swidler, senior manager of Postini's Solutions Marketing group.
"These botnets are really grid computing gone bad, harnessing the power of over one million PCs to launch these attacks," he said.
He added that this is one of the biggest pump-and-dump spam scams his analysts have seen, with the total amount of spam up 445 percent in just one day.
Spammers spearheading this particular pump-and-dump scheme sent PDF attachments to recipients, soliciting them to buy stock in Prime Time Group Inc., resulting in the artificial inflation of the stock price.
After the stock price rises, spammers sell the stock they purchased, often enabling them to make thousands of dollars a day, according to Postini reports.
The Storm Worm was first seen in January, spamming emails with exaggerated news reports about the month’s deadly European wind storms in an effort to get end-users to download malware.
The IT - Information Sharing and Analysis Center (IT-ISAC) is aware of this event and has alerted its members, said Scott Algeier, executive director of the collective of IT companies that tracks and addresses internet-based threats to protect private companies and communities and the nation’s critical infrastructure.
"Without commenting specifically on this case, we have seen an increasing trend recently in which criminals are using the internet to launch attacks for financial gain," said Algeier. "In the past, the focus was on those threats and incidents that caused harm to the internet infrastructure itself — think Code Red or NIMDA. Now we have some people who need the internet so that they commit crimes and make money, but we also are concerned about others who would like to 'take down' or disrupt the internet."
It seems such concerns are warranted. According to Postini's Swidler, a massive virus attack has been underway since July 16.
"Over 715 million virus emails have been sent out in that period, the largest attack in over two years, 19 times greater than any previous attack in that timeframe," he said. "It is a 'blended threat' that mixes email and web links to get the virus onto the computer. Its purpose is to seed the Storm botnet and add new bots for future spam, virus and other attacks."