The Storm Worm botnet network may be shrinking in size, but it has managed to send out 15 million of those annoying audio spam messages in October, according to antispam vendor, MessageLabs.
It's hard to believe that the Storm messages were effective. Recipients had to first click on an attachment - usually given a misleading name like beatles.mp3 or Britney.mp3 - to hear the stock pitch, which featured a robotic woman advising people to invest in online car seller, Exit Only.
This kind of scam, called 'pump-and-dump', tries to nudge up the price of penny stocks, giving the spammers a way to make a quick buck by selling the stock before it crashes. Spammers have been delivering their messages in different formats, including .pdf and Excel files, over the past few years as part of a cat-and-mouse game with spam blockers. This latest move to MP3 spam is the latest development in this battle, observers say.
Spam watchers say that pump-and-dump schemes are the hottest and most lucrative area for spammers today.
The spam run began on October 17, and lasted about 36 hours, using infected computers in the Storm Worm network to send out the mails, MessageLabs said in a statement released on Tuesday. The spam sounded strange because the voice in the message was "synthesised using a very low compression rate of 16KHz to keep the overall file size small, at around 50KB, to avoid detection," the company said.
Storm is thought to have landed on as many as 15 million PCs over the past year, but recently its network of infected PCs has been shrinking. University of California, San Diego, researchers recently pegged it at about 160,000 computers, only 20,000 of which are accessible at any one time.
Exit Only said it was not involved in sending the spam. Its stock was trading around $0.41 on October 18, the day after the Storm spam started. On Tuesday it closed at $0.20.