Spam has gone audible, or at least spam generated by the yes-they’re-at-it-again Storm network. It has been confirmed that the celebotnet of the moment employs yet another deviously creative gimmick to further its pump-and-dump stock scams. Trend Micro threat analyst David Sancho confirmed that EMEA TrendLabs’ Storm system has been catching a lot of spammed email messages with attachments such as the following:
- babylaugh.mp3
- bartsimpson.mp3
- cassidy.mp3
- chrisbrown.mp3
- ringtones.mp3
Yup, you’ve heard, er, you’ve read it right, folks. Spam messages are now carrying MP3 files. These babies don’t even have Subject and Message Body details. The MP3 files speak for themselves, literally. Transcribed, the attached files usually deliver the following pitch in a female android voice:
hallo, this is an invest-tone alert
hexitone ring incorporated has announced that it’s ready
to launch its new textforcards dot com Web site,
already a huge success in Canada.
We are expecting amazing results in the USA
go read the news and get on EXTO
that symbol again is EXTO
thank you
File sizes range roughly from 50 to 120KB. This “invest-tone” alert appears to be marketing the stock EXTO of Exit Only, Inc., an Internet company that sells and buys cars via Text4cars.com. Stock Web sites show that this particular stock, as of 2:12 PM EST, has its price on a slow rise. Tsk, tsk.
Trend Micro researcher Ivan Macalintal analyzed some of the mail samples and identified the distinctive string “LAME” at the following offset:
0001e8b0h: 55 55 55 4C 41 4D 45 33 2E 39 37 55 55 55 55 55 ; UUULAME3.97UUUUU
This may be connected to LAME, an open source shareware MP3 encoder/decoder, popular mainly among Unix users.
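The traits described above (no Subject or body, an .mp3 attachment of roughly 50-120KB, a LAME encoder string in the audio data) can be checked mechanically at a mail gateway. The following Python is an added example, not Trend Micro's code; the function names, the example.com/example.org addresses and the constructed payloads are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

LAME_TAG = re.compile(rb"LAME(\d\.\d{2})")  # e.g. b"LAME3.97", as in the dump above
SIZE_KB = (50, 120)                         # attachment size range reported in the post

def triage(raw: bytes) -> list[dict]:
    """Return one finding per .mp3 attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body else ""
    blank = not (msg["Subject"] or "").strip() and not text
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".mp3"):
            continue
        data = part.get_payload(decode=True) or b""
        tag = LAME_TAG.search(data)
        in_range = SIZE_KB[0] * 1024 <= len(data) <= SIZE_KB[1] * 1024
        findings.append({
            "name": name,
            "size": len(data),
            # Encoder string is only a clustering attribute: LAME is widely used.
            "encoder": tag.group(0).decode() if tag else None,
            "offset": tag.start() if tag else None,
            "suspicious": blank and in_range,
        })
    return findings

def build_sample(subject, text, filename, audio: bytes) -> bytes:
    """Constructed test message; addresses and content are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.org"
    if subject:
        msg["Subject"] = subject
    if text:
        msg.set_content(text)
    msg.add_attachment(audio, maintype="audio", subtype="mpeg", filename=filename)
    return msg.as_bytes()

# Constructed payloads: not real audio, just padding around an encoder string.
SPAM_LIKE = build_sample(None, None, "ringtones.mp3",
                         b"\xff\xfb\x90\x00" + b"U" * 60_000 + b"LAME3.97" + b"U" * 5_000)
BENIGN = build_sample("Demo track", "Rough mix attached.", "demo.mp3",
                      b"\xff\xfb\x90\x00" + b"\x00" * 300_000)

if __name__ == "__main__":
    for label, raw in (("spam-like", SPAM_LIKE), ("benign", BENIGN)):
        print(label, triage(raw))
```

The encoder string does not decide the verdict; it is recorded so that samples sharing an encoder version can be grouped during analysis.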
There’s just no abating for the Storm network. It has now gone and done a caterwaul of a musical. Yes, we are certainly ‘hearing’ the menace of Storm annoyingly loud and cringingly clear.