Spammers' new MP3 trick may be short-lived

A variation of spam is sliding past spam filters into inboxes, but it's not likely the new trick will be successful much longer, a security expert said Thursday.

The spam messages, urging recipients to buy a stock, have an MP3 audio attachment but no subject line or text, said John Graham-Cumming, an anti-spam consultant and researcher who is based in France.

"I think this is the first time we've seen this," said Graham-Cumming, who tracks new kinds of spam.

The audio messages, which vary in length, contain a warbled, robotic voice with a British accent encouraging people to invest in Exit Only, a company that owns a Web site, www.Text4Cars.com, which connects vehicle buyers and sells through SMS (Short Message Service). Exit Only says it's not involved in sending the spam.

Graham-Cumming said the spam falls into the category of "pump and dump" fraud. Scammers invest in a company with a low-priced stock and send out a round of spam, causing gullible investors to buy it and increase the stock's price.

As the stock price peaks, fraudsters cash out, which causes the stock to precipitously fall, burning other investors. The practice is illegal.

Exit Only was trading around $0.41 on Thursday. Not much detail is available on the company, but it issued a news release on Tuesday heralding the launch of its Text4Cars service in the Los Angeles area. The news release said the company hoped to be fully launched in the United States in early 2008.

Exit Only's CEO, David Dion, said he learned of the spam around Wednesday morning. He has since notified the U.S. Securities and Exchange Commission and said his company has nothing to do with the spam run.

"I am very distraught by this," Dion said.

Dion said only about 100 shares have been traded so far, so the scam hasn't been successful.

The messages are more annoying than harmful. But there are a variety of defenses e-mail administrators and security companies can employ to stop it, Graham-Cumming said.

Spam filters can be configured to cull messages with MP3s, since most companies don't have a business use for the file type, Graham-Cumming said. Administrators can also change their e-mail server settings to slow down the speed at which they receive messages with MP3 attachments, he said.

That method has been proven to frustrate spammers, who typically shut down the connection if the spam isn't going through quickly enough since the delay consumes valuable bandwidth, Graham-Cumming said.

These spam messages are also relatively large -- around 100KB -- compared to other spam, which may be another reason this kind of spam may not be around for long. Spam messages with larger file sizes require more bandwidth to send, meaning spammers can't send out high volumes of messages, Graham-Cumming said.

"Honestly, my prediction is this is going to be around for a while and disappear," he said.

E-mail security company MessageLabs said it was catching about 10,000 spam messages with MP3s per hour since late Wednesday night.