Quantcast
Subscribe to magazine

Pump-and-Dump Scammers Turn to Excel

Gregg Keizer, Computerworld

  • 0 Yes
  • 0 No

Pump-and-dump stock scammers have begun using Microsoft Excel spreadsheets to deliver their get-rich-quick schemes, another in a series of moves they've made trying to slip past antispam filters.

E-mail security vendor Commtouch Software Ltd. spotted several spam runs Saturday that feature Excel attachments with file names such as "invoice20202.xls" and "stock information-3572.xls."

The Excel worksheets contain the unsolicited message, which, as in all classic pump-and-dump scams, touts shares of one or more lightly-traded companies as hot and ready to climb. The fraudsters, however, have already bought shares and only spam their shills to get others to buy in. If enough do, the price goes up, and the scammers sell their holdings. The duped recipients of the spam are left holding the bag when the price later plunges.

According to Amir Lev, Commtouch's chief technology officer, the turn to Excel is just the latest twist in the scam. "Excel is a natural progression after the recent spate of PDF spam, which itself is a natural development from basic image spam," said Lev. "We expect other file formats to follow suit. Think of the spam potential in PowerPoint files or Word documents."

Pump-and-dump spam has been rapidly changing tactics, dropping images and substituting PDF files to evade spam-blocking software. Virtually every security company has set out warnings of recent big spikes in the amount of PDF-based spam. In fact, Commtouch was one of the first. Spammers started using PDF files only a few weeks ago; before that, they relied on embedded images to get their content past filters.

Most users associate danger and Excel files because of the latter's use by hackers to delivery malware. Sporadic attacks, often very narrowly focused, using Excel spreadsheets -- as well as other Microsoft Office file formats -- have been launched since early 2006. For example, in June a Commtouch rival, U.K.-based MessageLabs Ltd., reported that 95 percent of all targeted attacks -- those where one piece of spam was shot at one user -- involved Office file attachments.

Computerworld
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.

  • Recommend this story?
  • 0 Yes
    0 No

"Pump-and-Dump Scammers Turn to Excel" Comments

Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

PC World's Marketplace