Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Pump and dump scams now in PDF

Published: 2007-06-20
Last Updated: 2007-06-20 21:33:39 UTC
by Maarten Van Horenbeeck (Version: 1)
0 comment(s)

Apparently the groups behind what we know as pump and dump spam have found a new way to bypass spam filters. As of yesterday, we’ve been observing e-mails with bogus text, often in german, each with a PDF in attachment.
 
These PDFs purport to be stock information, and are usually titled ‘German Stock Insider’. They contain much more detail on stock than we’re used to from previous dump and pump scams and include images for added realism. They even contain the following disclaimer:
 
“This is not an offer to buy or sell any security. German Stock Insider discloses that they were paid ten thousand Euros for distribution of this report.”
 
The messages are usually sent to name@domain with an attachment name of name_report.pdf. Apparently they are distributed most to .com and .org domains, though most of the reports we’ve received were from Europe. Each of the reports so far has had an MD5 hash of 2e4b2158909f276942dadf6a0b621b1a. Thanks to Günter for reporting his findings.  
Keywords:
0 comment(s)
Diary Archives