Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Flavour of Spam - MP3 Stock Scams

Zonk posted about 7 years ago | from the tastes-just-terrible dept.

Spam 170

An anonymous reader writes "Spammers are back with a new trick, this time round sending messages with MP3 attachments that contain the latest pump-and-dump stock scams. One sample identified by Sophos was a heavily distorted 30-second MP3 file. A synthetic female voice was used to promote a particular stock. Says Graham Cluley, senior technology consultant at Sophos: 'Although the spammers seem to have a fair bit to learn about machine-generated sales patter, some companies might consider blocking all MP3s in email as a matter of course. So many music files infringe copyright, and it can be hard for a company to establish which ones are legal and which are not after they have arrived. Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing. It also has the benefit of neutralizing this sort of spam at the same time.'"

Sorry! There are no comments related to the filter you selected.

Check this... (-1, Troll)

Anonymous Coward | about 7 years ago | (#21030073)

mn scceo smed gcemb mo mgndgn cg oicrmgf oliidoo
umnv b smglx-wcudrdp mgndrgdn nbqsdn. nvd ictwbga
vbo lgydmsdp nvd g810, mno nvmrp bnndtwn
bn vmnnmgf b vctd rlg umnv nvd icgidwn. nvd gdu tcpds
bppo b osmpd-cln vbrpubrd edaqcbrp, bgp bsoc b
qlmsn-mg fwo rdidmydr bgp kt nrbgotmnndr
(kcr mg-ibr smondgmgf), btcgf b gltqdr ck
cnvdr dgvbgidtdgno (oliv bo b kbondr iwl bgp tcrd tdtcra). bn nvmo

wcmgn, nvd pdymid mo wcomnmcgdp bo bg
dtbms bgp qrcuomgf nccs, b ocimbs
gdnucremgf bmp, b fwo, b ycmw wvcgd, bgp
b tlsnmtdpmb wsbadr (bgp onrdbtdr, nvbgeo nc qlmsn-mg umkm).
umss nvmo wrcyd bga tcrd oliidookls nvbg nvd nuc
wrdymclo mndrbnmcgo ck nvmo ckkdrmgf?

Well hey now (5, Funny)

SpiffyMarc (590301) | about 7 years ago | (#21030087)

Let's not get hasty. Some of us rely on those daily pump-n'-dump stock scams to support our families.

Won't you think of the shady day-traders?

Re:Well hey now (1)

varmittang (849469) | about 7 years ago | (#21030885)

1) Send MP3 of Stock info?
2) Pump and dump stock
3) ????????????
4) Feed the Shady day-traders family.

Re:Well hey now (0)

Anonymous Coward | about 7 years ago | (#21031369)

http://www.spamstocktracker.com/ [spamstocktracker.com] enough said.

Better idea: block all text in email (4, Funny)

Sub Zero 992 (947972) | about 7 years ago | (#21030113)

Although the spammers seem to have a fair bit to learn about machine-generated sales patter, some companies might consider blocking all text in email as a matter of course. So many text files infringe intellectual property and patented business methods, and it can be hard for a company to establish which words are legal and which lemmas are not after they have arrived. Blocking all letters, or at least the letters J-M and all the vowels until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal and/or infringing message sharing. It also has the benefit of neutralizing this most spam at the same time.

Re:Better idea: block all text in email (1, Funny)

arminw (717974) | about 7 years ago | (#21030287)

....some companies might consider blocking all text in email as a matter of course........

We can all go back to hand written letters and slide rules--- well maybe adding machines are OK. Who needs all this new fangled computer stuff. The plain old phones work well for those who can't wait for the mailman. We get lots of paper junk mail also, but at least we get a little heat from that when it is consumed in our wood stove.

Re:Better idea: block all text in email (2, Insightful)

Shakrai (717556) | about 7 years ago | (#21031155)

some companies might consider blocking all text in email as a matter of course

You got +5 funny, but you really deserved +5 insightful.

Seriously. Since when did it become my job as a network admin to "take a proactive stance against illegal file sharing". As long as my users aren't bogging down my network I DON'T CARE WHAT THEY ARE DOING. If they are doing something illegal then I would assume that law enforcement will catch up to them sooner or later.

Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing

Yes, cuz e-mail has displaced P2P/bittorrent as the preferred method for sharing songs and warez. Give me a fucking break! I would suspect that less then one percent of copyright infringement (as it relates to music) takes part over e-mail.

Re:Better idea: block all text in email (2, Funny)

brianosaurus (48471) | about 7 years ago | (#21031219)

No need to block the letters. Just block all 4-letter words. That will keep stock symbols from appearing. As a bonus, it will neutralize most swear words, making email "safe" for children and christians.

And the best part: the solution doesn't sound like contrived RIAA propaganda. I mean, really. Who ever heard of mp3 files that infringe copyrights?

Re:Better idea: block all text in email (3, Funny)

Torvaun (1040898) | about 7 years ago | (#21031335)

No need to block the letters. Just block all 4-letter words. That will keep stock symbols from appearing. As a bonus, it will neutralize most swear words, making email "safe" for children and christians.

And the best part: the solution doesn't sound like contrived RIAA propaganda. I mean, really. Who ever heard of mp3 files that infringe copyrights?
Turns into:

No to block the letters. block all 4-letter words. stock symbols appearing. As a bonus, it neutralize swear words, making email "" for children and christians.

And the: the solution doesn't sound contrived propaganda. I, really. Who heard of mp3 files infringe copyrights?
Now it matches the spam I get grammatically...

Show of hands, please... (2, Funny)

jabber (13196) | about 7 years ago | (#21030117)

So, who thinks the RIAA is behind this?

Re:Show of hands, please... (-1, Troll)

zappepcs (820751) | about 7 years ago | (#21030205)

See my earlier posting, (tin foil hat on) this is just one step to justify the war against copyright infringement. They have proven that the copyright terrorists are using our vastly superior email systems to commit their atrocities. We'll just get ISP's to block all MP3's by proving that when attached to emails, MP3 files can only be spam or terrorist activities. Once we have that filtering in place, the 'people' will be happy that we are protecting them from the evils of copyright terroristas.

Then we can pressure Cisco et al to put this al-gore-ithm in the routers (tube control points) so we can monitor more Intarweb traffic than ever before.

Re:Show of hands, please... (1)

Nullav (1053766) | about 7 years ago | (#21030879)

We'll just get ISP's to block all MP3's by proving that when attached to emails, MP3 files can only be spam or terrorist activities. Once we have that filtering in place, the 'people' will be happy that we are protecting them from the evils of copyright terroristas.
Well good on 'em! It's about time we all moved to FLAC, anyway.

Re:Show of hands, please... (0, Troll)

timtimtim2000 (884095) | about 7 years ago | (#21030243)

I was just going to suggest this! Bastards!

Re:Show of hands, please... (1)

Presto Vivace (882157) | about 7 years ago | (#21030871)

I had the same reaction.

Re:Show of hands, please... (1)

bobdotorg (598873) | about 7 years ago | (#21031295)

So, who thinks the RIAA is behind this?

Not a chance. Way too subtle, and thinking too many steps ahead to be a creation of the clumsy, heavy hands of the RIAA.

Not that they would be above wasting the resources of innocent third parties via illegal pump and dump emails to try to hamper the efforts of copyright infringers, it's just a bit too clever to be their invention.

Flavour (1, Insightful)

Anonymous Coward | about 7 years ago | (#21030155)

I prefer the 'u' in flavour - Hannibal Lector

Ugh, please don't block file types... (4, Informative)

MightyYar (622222) | about 7 years ago | (#21030161)

I hate when a certain file type gets blocked. Just today I had to rename my exe files so that I could send them in gmail... even though they were zipped! Yes, gmail actually looked inside my zip file to see if there were any exe files...

So of course, now the instructions to use my script have to include renaming exe files after unzipping.

Re:Ugh, please don't block file types... (3, Informative)

Constantine XVI (880691) | about 7 years ago | (#21030337)

Use another archive format (like 7z, RAR, tar.gz, etc.), or rename your .zip to something like .piz. Foils it every time.

Re:Ugh, please don't block file types... (4, Funny)

MightyYar (622222) | about 7 years ago | (#21030801)

Arg, why didn't I rename the zip? Duh.

Re:Ugh, please don't block file types... (3, Informative)

necro2607 (771790) | about 7 years ago | (#21030421)

Easy solution, put a password on the ZIP archive. Be sure to check the option "encrypt filenames" as well, if available. :)

Re:Ugh, please don't block file types... (1)

MightyYar (622222) | about 7 years ago | (#21030959)

Long story short, I tried that from where I was and the zip command "did not support encryption" and helpfully recommended that I recompile with encryption turned on :)

As another poster pointed out, I should have just renamed the zip file to .zippy or something.

Re:Ugh, please don't block file types... (1)

Burning1 (204959) | about 7 years ago | (#21031669)

I developed spam filtering infrastructure a few years back while I worked at an ISP.

Password protecting a zip archive still allows for a directory listing. Most filterers that reject email based on filename simply preform a zip contents list, and reject based on the results. Most filtering solutions will separately attempt to extract the ZIP for virus scanning.

Although I don't have any direct experience with it, a zip password and encrypting the filenames you mentioned should allow your email to bypass the file restrictions. A WinRAR self extracting archive may also work, though many full featured filtering solutions will preform the same kind of scans on RAR archives as well.

The point is, I wouldn't rely on encrypting the zipfile alone.

Re:Ugh, please don't block file types... (1)

jimicus (737525) | about 7 years ago | (#21030839)

It's a tough call for a mail admin.

You have the choice of "ban executable attachments" or "increased risk of something making it through your antivirus scanning". Frankly, I think both options are pretty awful. But I would far rather deal with the occasional hacked off user than the aftermath of an executable containing something nasty. I've seen that before and it really isn't much fun, even in an otherwise reasonably well managed network.

Re:Ugh, please don't block file types... (1)

MightyYar (622222) | about 7 years ago | (#21031263)

Except that gmail is blocking OUTBOUND exe files wrapped in zip files! Inbound might make more sense, though it's still wrapped in a ZIP.

Re:Ugh, please don't block file types... (1)

YrWrstNtmr (564987) | about 7 years ago | (#21031377)

From Googles perspective, it is inbound.

Re:Ugh, please don't block file types... (1)

slapout (93640) | about 7 years ago | (#21031659)

Our mail system blocks zips. Even if they're empty. I know. I tried.

320Kbps MP3 Spam... (5, Funny)

Starteck81 (917280) | about 7 years ago | (#21030173)

... sound so rich you can almost see the pink and taste the meat.

Re:320Kbps MP3 Spam... (4, Funny)

spleen_blender (949762) | about 7 years ago | (#21030347)

Wait... that is supposed to be meat? Why didn't you tell me I was eating this?!

Re:320Kbps MP3 Spam... (1)

veganboyjosh (896761) | about 7 years ago | (#21030577)

by spleen_blender (949762) Alter Relationship on Thursday October 18, @01:51PM (#21030347) Wait... that is supposed to be meat? Why didn't you tell me I was eating this?!

well, what kind of smoothie did you think it'd be?

Re:320Kbps MP3 Spam... (1)

spleen_blender (949762) | about 7 years ago | (#21031133)

Yeah right... and next thing you're going to tell me is ham, bacon, and pork chops all come from some delicious magical animal. Damn liberal /.ers

What's the saying about a fool and his money? (4, Insightful)

mcmonkey (96054) | about 7 years ago | (#21030177)

The realize the real victims are the rest of us who suffer the extra traffic on the internet and in our mail boxes, but who is smart enough to check email, play an mp3 file, and have money to lose and yet still be dumb enough to fall for this?

This isn't a scam, it's economic darwinism.

Re:What's the saying about a fool and his money? (1)

MightyYar (622222) | about 7 years ago | (#21030223)

Ahhh, but poor people tend to have MORE kids.

It is in smart people's best interest to make sure that stupid people are as rich as possible.

Re:What's the saying about a fool and his money? (1)

fastest fascist (1086001) | about 7 years ago | (#21030279)

Why, so they (the stupid people) can better ensure their numerous progeny make it to breeding age as well?

Re:What's the saying about a fool and his money? (0, Flamebait)

MightyYar (622222) | about 7 years ago | (#21030557)

Well, I suppose that my theory is that stupid people don't breed significantly more than smart people - but poor people breed more than rich people. So if you want to minimize stupid people, you need to make them rich or kill them before they hit sexual maturity (which is 11 in Maine if you're watching the news).

Re:What's the saying about a fool and his money? (1)

plague3106 (71849) | about 7 years ago | (#21030947)

Have you tried talking to some poor people? I've come to the conclusion that poor people are poor because they are stupid more than anything else.

Re:What's the saying about a fool and his money? (1)

plague3106 (71849) | about 7 years ago | (#21030915)

Actually its in the smart peoples' best interest to make sure stupid people don't reproduce at all.

Re:What's the saying about a fool and his money? (1)

larry bagina (561269) | about 7 years ago | (#21030665)

Most stock spam articles on /. generate advice to 1) short sell the stocks (which is basically impossible to do with penny stocks) or 2) buy the stock early and sell it back to all the other suckers who are doing the same. Get rich quick schemes generate a reality distortion field.

Re:What's the saying about a fool and his money? (0)

Anonymous Coward | about 7 years ago | (#21030963)

No. It isn't economic Darwinism.

It's continual degradation of the Signal-to-Noise ratio of email across the internet.

That Spam won't exist for long (3, Insightful)

Opportunist (166417) | about 7 years ago | (#21030233)

Unlike pictures or HTML, people don't usually get a lot of MP3s via mail. Companies, like the article said, don't at all. People usually either use FTP or P2P access to get their MP3s illegally or through iTunes or similar services legally. And if they don't know what an MP3 is, they won't see (or hear, in that case) the spam at all, afaik there's no built-in support for MP3 in the various mail programs (and if there is, that's at best a reason NOT to use a certain mail client).

So I'd guess this is a short lived problem.

Re:That Spam won't exist for long (2, Interesting)

LWATCDR (28044) | about 7 years ago | (#21030395)

Yea I wondered why I got an MP3 in my email this morning. I thought it was probably some new buffer exploit that I hadn't heard of yet. Dang I wish I had listened to it now.

Re:That Spam won't exist for long (1, Interesting)

Anonymous Coward | about 7 years ago | (#21030533)

FTP or P2P access to get their MP3s illegally

Umm ... except for those artists and fans that use ftp and p2p services to legally distribute their works ...

Lotus Notes does... (1)

Belial6 (794905) | about 7 years ago | (#21030719)

I just checked. Lotus Notes does support MP3s. I don't know if they use the codec from the OS or if they implement their own, but when you say to view the file, it opens a new tab and plays the MP3.

Why you would thank that supporting file types would mean that you should not use an application is baffling.

Re:That Spam won't exist for long (1)

dafradu (868234) | about 7 years ago | (#21031447)

afaik there's no built-in support for MP3 in the various mail programs (and if there is, that's at best a reason NOT to use a certain mail client).
Mail client, i don't know... but gmail plays yours MP3 directly from the browser window.

Re:That Spam won't exist for long (1)

Nezer (92629) | about 7 years ago | (#21031467)

afaik there's no built-in support for MP3 in the various mail programs (and if there is, that's at best a reason NOT to use a certain mail client).
I disagree. Apple Mail supports inline media attachments supporting everything Quicktime does. I find the mp3 an excellent way to attach voicemail to email and use it all the time. if a particular mail client doesn't support inline mp3s, to me this is a reason *NOT* to use it! It's very nice to manage voicemail with the exact same tools as email.

Mail program (1)

baomike (143457) | about 7 years ago | (#21030247)

I wonder is they thought about how the MP3 play in PINE?

Re:Mail program (1, Informative)

Anonymous Coward | about 7 years ago | (#21030399)

It is possible to associate the MP3 attachments with mplayer or whatnot.

Pine doesn't do it as default, and I don't know anybody who would do that. It's possible, though.

Only way I'll listen to these... (1)

lhen218 (1176023) | about 7 years ago | (#21030259)

is if they were encoded in FLAC, because I am audiophile connoisseur.

Re:Only way I'll listen to these... (4, Funny)

wjhoffman1983 (1145155) | about 7 years ago | (#21030895)

You have a fine taste for audiophiles? ;)

This was a triumph. I'm making a note here... (1)

Sockatume (732728) | about 7 years ago | (#21030263)

Are they pumping Aperture Science stock?

Re:This was a triumph. I'm making a note here... (1)

Rude Turnip (49495) | about 7 years ago | (#21030605)

Apparently, cake will be served at the end of the stock seminar!

Re:This was a triumph. I'm making a note here... (0)

Anonymous Coward | about 7 years ago | (#21031269)

> Are they pumping Aperture Science stock?

Nope, that's Cheesecake Factory NASDAQ: CAKE [yahoo.com] , where there's plenty of fucking cake!

Just how serious are they about canning spam? (1)

edwardpickman (965122) | about 7 years ago | (#21030277)

If they'd just block any e-mail with headings containing "penis" and "enlarge" half my spam would go away. I think I can survive loosing the odd e-mail a friend sent me about how he enlarged his penis.

Re:Just how serious are they about canning spam? (1)

larry bagina (561269) | about 7 years ago | (#21030731)

loosing: To relax; to loosen; to make less strict.

If the goatse man survived it, you can survive. I'm sure your odd friend with an enlarged penis will be humbled.

Re:Just how serious are they about canning spam? (1)

JCSoRocks (1142053) | about 7 years ago | (#21031241)

Yes Yes Yes. Read my signature my friend :) hehe.

Re:Just how serious are they about canning spam? (0)

Anonymous Coward | about 7 years ago | (#21030983)

Please don't loose [reference.com] your stipid emails about your wish to enlarge your teensy little pecker on the world!

I beg of you, please think of the children!

Who falls for this stuff? (1)

rlp (11898) | about 7 years ago | (#21030293)

I thought the 419 stuff was lame. I'm amazed that anyone would actually invest in a stock based on a spam message. Is the pool of idiots with investment dollars actually big enough to allow the spammers to make money?

No one "falls" for it. (4, Insightful)

khasim (1285) | about 7 years ago | (#21030353)

But there is a group of people who THINK that they can ride on the scammer's pump-n-dump scheme and make some money on the up-side of the pump.

These are the people who know it's wrong and don't have the guts themselves to run a stock scam ... but feel okay about trying to make some money off of one.

I didn't say they were very smart.

Re:No one "falls" for it. (1)

joe 155 (937621) | about 7 years ago | (#21031095)

I'd be interested to know if you could make money on the "up-side", I suspect that you could but probably wouldn't try because it seems like a lot of effort for a fairly small reward and I assume that it is illegal (and probably fairly easy to get caught).

But what I wanted to pick up from your post was "These are the people who know it's wrong" - I don't really get why it is considered immoral by people who play the game anyway. I understand the argument that capitalist accumulation is inherently immoral, indeed I can see why people view the stock market as particularly so, but isn't half the point of capital markets that everyone is trying to screw everyone else so that they make money whilst others lose (because we know it's only really relative inequalities which can significantly improve quality of life individually within a capitalist, individualist market society)... so why the worries that some people will lose when that was the idea in the first place?

Still, if it is illegal (as it probably is) then it's a bit silly... a trail straight to your door.

Re:No one "falls" for it. (0)

Anonymous Coward | about 7 years ago | (#21031375)

because we know it's only really relative inequalities which can significantly improve quality of life individually within a capitalist, individualist market society

AAAAAAAAAAAARGHHHHHHHHH, must..not....have.....brain.....hemorrhage... One day of economics, please take it!
Regards, An Econ Grad Student

Re:Who falls for this stuff? (0, Redundant)

Reality Master 101 (179095) | about 7 years ago | (#21030427)

I'm amazed that anyone would actually invest in a stock based on a spam message.

Nobody "invests" in a stock based on a spam message. People buy the stock because they hope to cash in on the stock rise from all the other people buying the stock based on the spam. If they do it early enough, they think they can catch the same wave as the originating spammer. And some probably do, which doesn't help the problem.

Re:Who falls for this stuff? (1)

petertw (579059) | about 7 years ago | (#21030495)

Many potential investors do realize that it is a pump-and-dump scheme, and they hope to profit from the scheme as well.

If the investor gets in early enough, the stock is going up before it comes back down. The key is to make sure you get in before it peaks, and out before it gets dumped.

Re:Who falls for this stuff? (1)

Dunbal (464142) | about 7 years ago | (#21030767)

I'm amazed that anyone would actually invest in a stock based on a spam message.

      But it's so cheap! I can buy 100,000 shares!!! When it goes up just a dollar, I'll be RICH! /sarcasm

Is the pool of idiots with investment dollars actually big enough

      History has shown that the pool of stupid people with money is bottomless. In fact, we can all take turns once in a while. You want to be next? :)

Thankfully I use .ogg (1)

earthforce_1 (454968) | about 7 years ago | (#21030297)

Maybe sometimes it is better that Linux doesn't have such a great market share.

Why are they really doing it? (3, Insightful)

scottsk (781208) | about 7 years ago | (#21030305)

"...it's hard to believe that many internet users will fall for such an amateurish presentation..." Surely not, which leads to the real question of why spammers are doing it. No one who retains their services could be dumb enough to believe this would work. (In fact, the WSJ once built a portfolio of penny stocks that were spam targets, and they didn't even see a "pump" in value, just a decline.) This is an area where I'd like to see some investigative reporting done by a tech savvy reporter who could find out who these spammers are and who bought their services. To waste bandwidth? To distract us from other spam that's smaller but more accurately targeted? Defamation of a company by rivals? Getting into the spam underworld would be risky (one spammer died in a spam turf battle recently) but it would be interesting to know who buys the services of these spammers for these PDF, MP3, image, etc spams and why they're doing it.

Re:Why are they really doing it? (2, Informative)

Anonymous Coward | about 7 years ago | (#21030455)

In fact, the WSJ once built a portfolio of penny stocks that were spam targets, and they didn't even see a "pump" in value, just a decline.
According to some analysts, that is in fact the intention. The Spam is not meant to artificially inflate the price for a short time, but rather to depreciate the stock. Not so much to ruin the target company, but rather because the spammers can short the stock and make a bit of money on the short-term depreciation.

I'm not sure if it's true or not... but I must admit that when I see Spam related to stock, my gut reaction is to value that stock less than I did before. If the average trader who sees the Spam has a similar reaction, then the stock will lose value at least for a short while, which is enough to make money off of.

Re:Why are they really doing it? (4, Informative)

larry bagina (561269) | about 7 years ago | (#21030925)

Not this shit again...

You can't short a penny stock.

Here's a dumbed down guide to how shorting works:

  1. You borrow stock from someone else
  2. You sell it
  3. ???
  4. Profit! (buy it back at a lower price and return the shares)

If you want to borrow a NYSE/NASDAQ stock, your broker will be happy to help (they charge interest and take the shares from another person's account). But if you ask about borrowing a penny stock, they'll tell you to fuck off.

It's not the medium (0, Troll)

halcyon1234 (834388) | about 7 years ago | (#21030319)

It's the message. If there's fucking stupid people, they'll fall for fucking stupid things. This isn't "a brilliant now scam". It's the exact same scam, praying on the exact same people: fucking idiots stupid enough to open an attachment because the email told them they'll make money.

Maybe we should just start taking a supremely draconian stance on this. Someone comes down to the police station saying that all their money is gone because some email scammer stole it? Shoot them in the head. Then use their bank records to track down the scammer, and shoot them in the head, too. If you can't find the scammer, that's okay. Soon enough their pool of victims will dry up due to head/bullet related activities.

You'd think this wouldn't work, because people would stop coming down to the police station because they heard people were getting shot in the head. But then again, you'd also think that email scams wouldn't work because people keep hearing about other people getting ripped off by email scams. Those people will fall for anything. The cops can just send out an email about it. "Got ripped off by a scammer? Come down for free $$$! No h3ad shotz for sure!"

You're Giving Them Ideas . . . (1)

TheLetterPsy (792255) | about 7 years ago | (#21030323)

I had never received one of these .mp3 spams. Until I read this story. The very next email I received was, sure enough, an .mp3 pump-and-dump.

At least, that's what I assumed. The filename was gloriaestefan.mp3 but I didn't listen (duh), so I can't be certain.

Re:You're Giving Them Ideas . . . (2, Funny)

JK_the_Slacker (1175625) | about 7 years ago | (#21030567)

Geez, you finally release a product, and people complain that they weren't on the beta testing team.

Re:You're Giving Them Ideas . . . (1)

Ron_Fitzgerald (1101005) | about 7 years ago | (#21030575)

Finally we have something productive for the RIAA to do with their legal team. Tell them that someone is giving away free music.

Re:You're Giving Them Ideas . . . (1)

necro2607 (771790) | about 7 years ago | (#21030619)

Holy crap, no way??

*checks email* ...

Damn, one newsletter, one real message, no mp3 spam :(

VOIP? (5, Interesting)

Anonymous Coward | about 7 years ago | (#21030325)

Well hold on there, I've got a nice new shiny VOIP line at home, guess how the answering service works? That's right, MP3s in my email...

mp3s with payload? (1)

A Friendly Troll (1017492) | about 7 years ago | (#21030373)

I cannot find more details...

Maybe there's more to this than meets the eye? WinAmp (still widespread) has had multiple arbitrary code execution vulnerabilities in the past, through ID3 tags, the mp3 stream itself, etc. I wouldn't be surprised if someone found similar things in iTunes or Windows Media Player as well.

Are those mp3s sound recordings only?

Re:mp3s with payload? (2, Interesting)

mikek2 (562884) | about 7 years ago | (#21030463)

Wow, this is creepy... I just got my first mp3 spam minutes before this article was posted. I opened it from within my sandbox'd, fully expecting to see some kind of masked virus. I was stunned to find out it was, indeed, nothing more than audio spam. Weird.

What I want to know... (3, Interesting)

JK_the_Slacker (1175625) | about 7 years ago | (#21030433)

... is how they'll manage to misspell the words in an mp3?

The RIAA is behind this... (4, Informative)

brundlefly (189430) | about 7 years ago | (#21030451)

Strap on your tinfoil hats, gents. The RIAA stoops to a new low... poisoning the well for all of us who love to email terabytes of illegal MP3s to our co-workers.

Email File sharing MP3's? (1)

hodet (620484) | about 7 years ago | (#21030505)

Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing.

Ya, sounds like a huge problem facing companies today. Tech journalism rocks sometimes.

New setting needed (2, Insightful)

gurps_npc (621217) | about 7 years ago | (#21030521)

We need a setting to block all mail that has an attachment that is NOT on your contacts list, with an auto-reply explaining this. They sender would then know to send a normal email first, requesting that you put them on your contact list.

Re:New setting needed (3, Insightful)

T-Bone-T (1048702) | about 7 years ago | (#21031169)

They sender would then know
that the address works and will then sell it to other spammers, thus vastly increasing the amount of spam you receive. Real smart.

I got paper-mail pump-n-dump spam yesterday... (1)

Dr. Manhattan (29720) | about 7 years ago | (#21030649)

It was pushing some uranium-mining company in Canada or something. No real contact info on it. Lord knows how I got on that list - probably one of the e-merchants I bought laptop parts off of in the last few weeks.

What's next? (1)

vmxeo (173325) | about 7 years ago | (#21030655)

If only they would use actual copyrighted MP3s when sending their spam*. I'd love to see the eventual RIAA-spammer fight. No matter who loses, we'd win.


*I could actually see this happening, if spammers start luring in users by harvesting random MP3s found on botnets and appending their audio spam to the end of the file.

I think satan just spoke to me, pump-n-dump porn (3, Funny)

jollyreaper (513215) | about 7 years ago | (#21030673)

Ok, you know that ramen noodle commercial where we see this hawt japanese chick bobbing her head up and down, slurping on something that's just below the bottom of the screen, we all think it's wang but we then see it's an instant ramen cup? Just imagine if it wasn't ramen and the symbol of the stock in question was written on her forehead. Five minutes of knob-slobbing action, brought to you by the fine folks at ABC Corp. Spam this out to a hundred million people and just see the results you'll get!

Wow, that spam plan is so evil, I think the Russian mafia is coming to kill me.

Re:I think satan just spoke to me, pump-n-dump por (2, Funny)

Glowing Fish (155236) | about 7 years ago | (#21031649)

A whole new meaning to the term "pump n dump"

"It might be illegal so ban it all!" (2, Funny)

Enleth (947766) | about 7 years ago | (#21030727)

Such a stance reminds me of this old Polish joke (for some reason, we've got quite a lot jokes about a shepherd): The police enters shepherd's house and finds moonshine-making equipment. - Well, shepherd, we're going to charge you with illegal moonshine production! - But I'm not making it! - But you have the equipment. - Well, then, charge me with rape as well. - Why, did you rape someone? - No, but I've got the equipment!

Re:"It might be illegal so ban it all!" (1)

Enleth (947766) | about 7 years ago | (#21030857)

Crap, as always, I forgot about the linebreaks. Corrected:

Such a stance reminds me of this old Polish joke (for some reason, we've got quite a lot jokes about a shepherd):

The police enters shepherd's house and finds moonshine-making equipment.
- Well, shepherd, we're going to charge you with illegal moonshine production!
- But I'm not making it!
- But you have the equipment.
- Well, then, charge me with rape as well.
- Why, did you rape someone?
- No, but I've got the equipment!

"Illegal file types" (1)

iamacat (583406) | about 7 years ago | (#21030729)

It's a pretty dubious practice to determine legality and spaminess of content by file type. I am sure it will not take spammers long to send wav, wma or aac promotions instead. In the meantime, file shares can trade mp3.bz2 files. Already we have to send .zippy attachments to each other here because all zip files are blocked as virus carriers.

I doubt this will fly for long (1)

Master of Transhuman (597628) | about 7 years ago | (#21030821)

Besides the fact that such attachments are easy to identify and block, like the image span became, the problem for spammers is the reduced rate of return. The bigger the attachments they send out, including PDFs and Excel spreadsheets, which have take over for image span lately, the fewer they can send out with whatever bandwidth they've managed to steal with their botnets.

This reduces their rate of return on the spam, and encourages them to try to find ways to minimize the size of the spam so it can get through defenses and enable a greater volume of spam. Volume is the key to spam - if they can't send millions, they don't make enough money to make it worthwhile.

MP3's are pretty big - 3-5MB depending on the length of the material. Compared to a normal email text message, or even an Excel spreadsheet, they're huge.

So I suspect this is a temporary thing that will reduce in volume, just as image spam has reduced in volume lately from 30% of spam to around 5%.

What people are seeing now is more "blended" spam - spam with links to malicious Web sites. This sort of thing goes right through spam detectors, since the email itself can be innocuous - it's the links that contain the malware and the actual spam package.

Re:I doubt this will fly for long (1)

larry bagina (561269) | about 7 years ago | (#21031029)

3-5 MB for a 3 minutes song at 256kbps. This is more like 30 seconds of spoken text at 32kbps.

Re:I doubt this will fly for long (1)

Master of Transhuman (597628) | about 7 years ago | (#21031439)

Yeah, but to sell a pump-and-dump stock, how much verbiage is going to be really needed? Even if they can keep the file size down to a few hundred K, it's still bigger than an email text message, if not that much bigger than a PDF or XLS file. While they have more and more powerful botnets to send it with, it's still going to cost them more in rate of return than its worth, at least for many of them.

I see this as merely an experiment by spammers. If it works, we'll see more of it. If it doesn't, it will go away. My bet is that it will go away.

Re:I doubt this will fly for long (1)

mikechant (729173) | about 7 years ago | (#21031419)

MP3's are pretty big - 3-5MB depending on the length of the material. Compared to a normal email text message, or even an Excel spreadsheet, they're huge.

3Mb is typical for a 3 minute 128 kbit/s music track. 64 kbit/s and 90s duration should be plenty for these voice message purposes and so would only take about 750k. If my calculations are correct this would take 3s to download on a fairly slow 2Mbit/s connection - not really a problem.
However, it's still true that sending even these relatively small mp3 attachments from a typical spambot is going to reduce your throughput a lot, due to the sucky slowness of the upstream on most domestic connections.

Re:I doubt this will fly for long (1)

Master of Transhuman (597628) | about 7 years ago | (#21031601)

Yeah, it's bad for the end user, although the spammer won't care about that.

However, even there, the spammer probably does care - because the more screwed up the bot machine becomes, the quicker it will be wiped and reinstalled or disinfected, and thus the lower the sending rate (at least if the bots that go off the botnet aren't replaced as fast by new bots), and again the lower the rate of return on the spam. Also, ISPs are going to detect the mass sending of larger files faster than they do smaller emails, and are likely to be shutting down more of the botnets quicker (again, at least if the bots being shut down aren't replaced faster than they're shut down.)

It's a delicate balancing act the spammer has to use - how to get volume sending while still evading detection. Sending larger and larger files isn't going to help them much. Image spam was easy to detect, PDFs and XLS are harder because they could be legitimate, MP3's are going to be equally hard but not as common as PDFs and XLS files so they will be easier to detect.

I think the "blended" spam will be the big winner - small file sizes, hard to detect, and all you need are the same botnets hosting phony dynamic Web pages to send the malware and spam package to the idiots who click the links. And the links can be made completely legitimate-looking - just like phishing scams. It's the convergence of phishing and spamming.

Got one (3, Funny)

HTH NE1 (675604) | about 7 years ago | (#21030855)

I received one of these, except instead of a stock spam, it was some annoying woman repeating over and over, "What the fuck do you think you're doing?"

Re:Got one (1)

baby_tux (734889) | about 7 years ago | (#21031455)

Yeah I also found one in my spambox (yeah, Evolution detected it) today, I listened to it but didn't understood what it was exactly (too bad sound) but it doesn't matter cause I don't have time to waste with that fscking spam...

Sound isnt new.. (1)

nurb432 (527695) | about 7 years ago | (#21030903)

I remember sound ads in emails years ago, thats why i now leave my speakers off unless i want to listen to something.

It also eliminates the nosies people stick on webpages as well.

Sure makes blocking easy (1)

Sloppy (14984) | about 7 years ago | (#21030933)

I never understood how image spam, and to some extent even HTML spam, lasts so long without being quickly crushed by filters. An email that has any sort of attachment (sheesh, even a PGP/MIME signature) is either spam, or it's from someone I know (i.e. whitelisted).

Countering audio attachments should be absolutely trivial if you have a filter, and it's hard to imagine that anyone is able to use email without a filter these days. If it has any attachment and it's from someone you've never corresponded with before, it's spam. It'll get caught.

No?

Re:Sure makes blocking easy (1)

OrangeTide (124937) | about 7 years ago | (#21031217)

Yes. lets drop emails that have mp3s attached with an extremely low bitrate, especially if there is no english words found in the message body. (meaning at least some percent of the words need to be spelled correctly)

Re:Sure makes blocking easy (1)

Todd Knarr (15451) | about 7 years ago | (#21031221)

I tend to go even further: if it's got an attachment and I'm not expecting a specific attachment from that particular sender at that time, it's spam. A lot of viruses send to addresses in the local address book, so just because I know the sender doesn't mean they haven't gotten infected and it's the virus sending me spam/malware. So my policy is that if people want to send me files they can either put them up on a server and send me the location so I can download it, or they can contact me beforehand and find out what format I need it in and I'll be expecting it.

I get the occasional person who whines because I insist they send their plain text mail to me as plain text, requiring them to jump through hoops to make their mail client stop generating obnoxious HTML or whatnot. But these tend to be the same people whining to me about how many problems they have with viruses on their computer, while I've gone 20+ years without a single successful infection of any of my machines.

Re:Sure makes blocking easy (1)

Sloppy (14984) | about 7 years ago | (#21031501)

If I get spam from someone I know, I want to be conscious of that spam (so I can warn them that they are infected) instead of having it silently go to the bit bucket.

Link please! (0)

Anonymous Coward | about 7 years ago | (#21031313)

I need a nice mechanical female voice to keep me company tonight. I don't care what stock she's... ummm.. pumping.

mod aup (-1, Troll)

Anonymous Coward | about 7 years ago | (#21031347)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?