Computerworld's Gregg Keizer has a long, informative article about the PRTH.PK spam run that flooded inboxes with hundreds of millions of spam emails. The article describes the response of the shares (the usual sharp rise and sudden fall) and the measures that Prime Time Group Inc has taken to try to identify the sender. It also confirms that the botnet used to send the spam was previously built through a wave of 'greeting card' spam.
What the article doesn't mention is that the senders of the PRTH.PK spam have moved on and are now pushing CYTV.OB using the same techniques. This stock also appears to be spiking, suggesting that the supply of clueless investors willing to hand over their savings to scammers is limitless. Lather, rinse, repeat.
In an earlier post about the PRTH.PK PDF flood, I observed that there is a second, smaller PDF flood going on, possibly the work of a different spam gang. These spammers have now moved on to promoting MBEI.PK. Interestingly, they have also switched back from text-based PDFs to PDFs that embed the same kind of 'jittered' images previously sent as JPEGs or GIFs, apparently in response to automated filtering of incoming PDFs.
There's also one other entrant to the recently-spammed stocks arena. We've seen a number of spams that advertise a redirector at 2good.mobi (mTLD's pious promises about all .mobi domains being required to be suitable for mobile phone browsing notwithstanding, spammers are cheerfully using the .mobi TLD for spam sites and redirectors that offer nothing to mobile users). Most of these point to the inevitable Canadian Pharmacy pills sites and mortgage sites, but a small number, whose subject line invited recipients to 'win an apple iPhone and receive complimentary level 2 qu0tes', pointed to a URL that redirected to a domain called inv3stco.com, which promotes the stock MIDS.PK.
Incidentally, the greeting card spam that built the botnet used to promote PRTH.PK and CYTV.OB also continues. It has iterated through another couple of generations: the current incarnation tells recipients to collect their 'custom Musical ecard' or 'custom Movie-quality ecard' or other variants on that theme. We've seen about 150 of these in the past three days, suggesting that the unknown senders are probably well on their way to building up another botnet for their next stock spam run.