A Spam Pump & Dump In Action

If your email address is guessable, or if you’ve ever made it public in any way, you’re painfully aware of the massive uptick in pump & dump stock spams over the past couple of months (seemingly growing in quantity by the day).

I’m now receiving about 150 P&D spams in my inbox per day, added to the hundred or so spams trying to sell goods or services. And for those who will ponder, no I don’t obfuscate my email address, and I have shared it publicly, however that should no more invite spam than an un-niqab’d woman invites rape.

Despite two heterogeneous layers of spam defense — an email server spam detection system, and the spam defense in Outlook 2003 – several dozen make it through to my inbox daily, as the spammers have adapted to Bayesian filtering and are using new techniques to circumvent the filters (and I can hardly use a whitelist given that many of the people who contact me are legitimate new contacts who I haven’t emailed before).

Spam relay blacklists no longer help much because the majority of spam is coming from mom and pops, their high-speed equipped home PC nefariously and unknowingly acting as a part of a massive worldwide botnet, relaying the latest pump&dump target emails by the billions from points across the globe.

Not only are legitimate emails getting shrouded in the haze of spam, the computational and bandwidth requirements to move all of this garbage — especially now that spammers are resorting to embedded images — is enormous. Extrapolate it out, things are looking very grim.

And what an ingenious target for spam, really: Spam to sell a product and inevitably people can track you down, because somehow there has to be a method of getting money to the spammer (or the person who paid the spammer). Spam to boost some irrelevant penny stock, however, and no such direct connection needs to exist, and the monetary path is masked by the cloud of the world capital markets (which makes me wonder if money laundering occurs through the same penny stocks. It isn’t hard to envision scenarios where the market could be gamed, particularly among low-end unnoticed stocks, to elicit a loss on one end and a profit on the other).

Of course, the P&D scam isn’t new: Buy some penny/low-capitalization stock (where a small amount of activity has a significant market effect). Talk it up as much as possible. Sell to a late comer. Laugh all the way to the bank. It really is a classic pyramid scheme, because once the flow of new suckers stops, the crash occurs. Sort of sounds like the .COM stocks in 2001.

This technique has gone on in Usenet newsgroups, or forums, and even by industry heavyweights who give credence to a stock they want to inflate and dump. Doing it through thousands (millions?) of compromised PCs, however, is new.

And the common analysis that I’ve seen of P&D completely misses the point in my opinion: I don’t think the spammers truly think they’re going to fool people into thinking these are great investments, but rather they’re trying to fool people into thinking that they’re fooling other people into thinking these are great investments. They’re trying to entice Joe Clever into thinking “Ah…now they’re pushing XYZ, and surely a bunch of suckers are going to buy into this nonsense…so I’m going to put $1000 in just to capitalize on those later suckers!” Of course everyone is thinking the same thing, until eventually it collapses on itself and the latecomers end up at an empty table when the waiter arrives with a hefty bill. Alternately it’s commissioned work on behalf of insiders who want to cash out some holdings during an upswing, but I find the scenario of completely uninvolved 3rd parties more believable (again because the whole P&D scheme is founded around anonymity and disconnectedness).

It’s a monetary game of chicken.

So without much further ado, let me present to you the current target of the game of financial chicken (if only I’d have listened to the wise words of P&D spam! I’d be rich I tell ya!). Since early this week I’ve been getting a ridiculous number of spams pushing SBNS.PK. Here’s how it looks in the 5 day graph (this is up to date, so if you’re looking at this entry in the future, it will not make much sense as the spammers will have moved on, the stock likely crashed). It looks like this pyramid is about to fall.

Given that the original spammer almost certainly bought in before starting their pump campaign, this represents a massive potential profit, so expect this to finance the massive next wave of stock spams, and R&D in evading spam filters.

UPDATE: It looks like the P&D target for the following week or two is SRRL.OB, another low-to-no volume bottom feeder. Notice the stocking up that took place in the latter half of the day, could it be the spam-master loading up before the run?


NOTE: If you run an email server, before you bounce a castigating “SPAM FROM YOUR DOMAIN HAS BEEN REJECTED!!!!!” email, check if the domain has an SPF record. If it does, and the spam that claims to be from said domain doesn’t come from an approved IP, save the reply. Along with the hundreds of spams a day, I’m also getting assaulted by a hundred or so message bounces/rejections per day because spammers are forging “@yafla.com”. Don’t pollute the net even more with illegitimate bounces, making the problem even worse.