Turbulent financial markets trigger a return to pump-and-dump spam

Symantec Corp. has announced the results of the August 2011 Symantec Intelligence Report, now combining the best research and analysis from the Symantec.cloud MessageLabs Intelligence Report and the Symantec State of Spam & Phishing Report. This month's analysis reveals that once more spammers are seeking to benefit from fluctuations in the turbulent financial markets, most notably by sending large volumes of spam relating to certain "pink sheets" stocks in an attempt to "pump" the value of these stocks before "dumping" them at a profit.  

In a pump-and-dump stock scam, spammers promote certain stocks in order to inflate the price as much as possible so that they may then be sold before their valuation crashes back to reality. The spam for these scams tries to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket. Most of these claims are either misleading or false.
A successful pump-and-dump spam campaign will artificially drive up the price of the stock to a point where the scammers decide to sell their shares. This usually coincides with them ending the spam campaign, which in turn reduces the interest in the stock, helping to drive its valuation back to the original low price.
"Scammers can make substantial profits in a matter of days with a well-executed pump-and-dump spam. In the current turbulent environment many people may be convinced to invest in stocks that the scammers claim will benefit from the market turbulence," said Paul Wood, senior intelligence analyst, Symantec.cloud.
Further analysis also revealed that there were as many new boot time malware (MBR) threats in the first seven months of 2011 as there were in the previous three years. An MBR is an area of the hard disk (usually the first sector) used by a computer to perform start up operations. It is one of the first things to be read and executed by the computer hardware when a computer is powered on, even before the operating system itself.
"MBR infections offer great scope for deep infection and control of computers, which makes the idea attractive to malware creators. Contemporary MBR infection methods are a fairly complex affair usually executed by highly skilled individuals," Wood said.

Analysis also reveals that while global spam levels were lower in August compared to the previous month, phishing activity increased in August, with many increases coming from attacks related to major brand names such as those related to Apple's iDisk service and a variety of Brazillian companies and services, including social networking and financial brand names.
Other report highlights
In August 2011, the global ratio of spam in email traffic declined to 75.9 percent (1 in 1.32 emails); a decrease of 1.9 percentage points when compared with July 2011.
Phishing: In August, phishing email activity increased by 0.01 percentage points since July 2011; one in 319.3 emails (0.313 percent) comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 203.3 emails (0.49 percent) in August, an increase of 0.14 percentage points since July 2011.
Web-based Malware Threats: In August, Symantec Intelligence identified an average of 3,441 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; a decrease of 49.4 percent since July 2011.
Endpoint Threats:  The most frequently blocked malware for the last month was W32.Ramnit!html. This is a generic detection for .HTML files infected by W32.Ramnit[1], a worm that spreads through removable drives and by infecting executable files. The worm spreads by encrypting and then appending itself to files with .DLL, .EXE and .HTM extensions. Variants of the Ramnit worm accounted for 15.8 percent of all malicious software blocked by endpoint protection technology in August.
Geographical Trends

  • Saudi Arabia remained the most spammed geography, with a spam rate of 84.8 percent
  • China (81.6 percent) overtook Russia (81.1 percent) to become the second most-spammed.
  • In the US, 75.8 percent of email was spam and 75.0 percent in Canada.
  • The spam level in the UK was 76.5 percent.
  • In The Netherlands, spam accounted for 77.4 percent of email traffic, 75.8 percent in Germany, 76.1 percent in Denmark and 73.7 percent in Australia.
  • In Hong Kong, 75.2 percent of email was blocked as spam and 73.4 percent in Singapore, compared with 72.8 percent in Japan.
  • Spam accounted for 74.0 percent of email traffic in South Africa and 77.0 percent in Brazil.


  • Phishing attacks in Sweden increased to overtake the UK and become the most targeted geography for phishing in August, with one in 45.3 emails identified as phishing.
  • Phishing in the UK also increased, making it the second most targeted country, with one in 79.5 emails identified as phishing attacks.
  • Phishing levels for the US were one in 999.3 and one in 229.9 for Canada.
  • In Germany phishing levels were one in 928.6, one in 508.2 in Denmark and one in 295.9 in The Netherlands.
  • In Australia, phishing activity accounted for one in 914.5 emails and one in 2,178 in Hong Kong; for Japan it was one in 8,115 and one in 2,474 for Singapore.
  • In Brazil, one in 445.7 emails was blocked as phishing.

E-mail-borne threats

  • Email-borne malware attacks increased to one in 53.2 emails in Sweden, propelling the country to the top of the list with the highest ratio of malicious emails in August.
  • Luxembourg was the second most geography under fire in August, with one in 85.1 emails was identified as malicious in August.
  • In the UK one in 86.5 emails was blocked as malicious.
  • Virus levels for email-borne malware reached one in 611.1 in the US and one in 219.6 in Canada.
  • In Germany virus activity reached one in 369.2, one in 444.4 in Denmark and in The Netherlands one in 147.6.
  • In Australia, one in 797.0 emails were malicious and one in 744.2 in Hong Kong; for Japan it was one in 1,912, compared with one in 918.0 in Singapore.
  • In Brazil, one in 392.3 emails in contained malicious content.

Vertical Trends

  • In August, the Automotive industry sector continued to be the most spammed industry sector, with a spam rate of 79.0 percent.
  • Spam levels for the Education sector reached 78.9 percent and 75.5 percent for the Chemical & Pharmaceutical sector; 75.7 percent for IT Services, 75.7 percent for Retail, 75.4 percent for Public Sector and 75.3 percent for Finance.
  • The Public Sector remained the most targeted by phishing activity in August, with one in 24.8 emails comprising a phishing attack.
  • Phishing levels for the Chemical and Pharmaceutical sector reached one in 720.3 and one in 446.0 for the IT Services sector; one in 410.5 for Retail, one in 94.4 for Education and one in 220.7 for Finance.
  • With one in 24.0 emails being blocked as malicious, the Public Sector remained the most targeted industry in August.
  • Virus levels for the Chemical & Pharmaceutical sector were one in 334.6 and one in 345.3 for the IT Services sector; one in 374.6 for Retail, one in 94.0 for Education and one in 383.0 for Finance.

The August 2011 Symantec Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends.

[1] http://www.symantec.com/security_response/writeup.jsp?docid=2010-011922-2056-99&tabid=2

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter