Kaspersky Lab detects the first mass mailing of MP3 spam

Kaspersky Lab detects the first mass mailing of MP3 spam

Kaspersky Lab, a leading producer of secure content management systems, has detected the latest step in the evolution of spam: the mass mailing of MP3 audio files. This trend was first detected in European mail traffic by the company’s spam analysts.

The spam circulating in MP3 files is so-called stock spam, which is designed to artificially increase the price of certain stocks by advertising them. This type of spam first appeared in August of last year and has since then become widespread. It is notable that spammers actively use a number of innovative methods when sending this type of spam in an attempt to evade detection by spam filters: for instance, stock spam was sent in the first mass mailing to use specially crafted graphics files containing background ‘noise’, and in .pdf files, which at the time could not be detected by spam filters.

The mass mailing of MP3 audio files is the latest turn of the screw in the battle between spammers and antispam developers. The emails which Kaspersky Lab has detected do not contain any text. However, the attached MP3 file contains a recording which is between 25 and 33 seconds long. If the user opens the file, s/he will hear a distorted female voice advertising stocks in a company called Exit Only Inc; a move on the part of spammers to inflate stock prices, and make a profit on subsequent sales of stock belonging to the advertised company.

This mass mailing appears to be a trial run on the part of the spammers; however, it’s unsuccessful due to certain technical restrictions. In order to make the spam emails as small as possible, the spammers have used a very poor quality recording. Users who open the file will find it hard to understand the recording even if it is played at high volume. Additionally, in order to evade spam filters, the spammers have modified the recording each time it is sent, further decreasing the quality.

Predictions of MP3 spam have been circulating for some time. However, Kaspersky Lab analysts believe that this type of spam is unlikely to evolve significantly. It is also unlikely to become widespread due to the need to trade recording quality off against email size. As most users won’t even bother to try and listen to a poor quality recording, this type of mass mailing is hardly effective.

“Users often send each other short audio files with funny recordings – it seems as though spammers are banking on the fact that users think these files worth listening to. A user gets an MP3 file and thinks it’s going to be something funny or interesting, so they’ll open it. But the spammers are limited in the size of recording they can send, which is why the quality of the recording is very bad. We probably will see more MP3 mass mailings, but they won’t have any real effect on our spam statistics” said Andrey Nikishin, Director of Kaspersky Lab’s IT security outsourcing operation.

About Kaspersky Lab

Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The Company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. Learn more at www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit www.viruslist.com.

18 Oct 2007