MP3 spam on the rise

October 30, 2007

Security firm MessageLabs has reported that it has spotted a massive run of spam sent out in the form of MP3 files and masquerading as music clips from popular artists. This is the first instance of a large distribution of spam hiding inside sound files, researches say.1

The MP3 files attempt to entice users to click on them by using deceptive names, such as bartsimpson.mp3, beatles.mp3, britney.mp3, familyguy.mp3, elvis.mp3, and ringtones.mp3. The attachments are audio MP3 file, ranging in size from 88KB to 150KB, containing a rusty-sounding, 25-second voice-over touting the latest stock offering. More importantly, the files also fool most anti-spam tools, which typically cannot detect spam hidden within a sound file.1,2

The outbreak is the latest in a string of tactics from the past six months which avoid filters by using file formats not generally blocked or difficult for filters to disassemble and search.2 In the past recent months, spammers have been toying with different types of file attachments including image, ZIP, RAR, RTF, PDF, and XLS.3

The MP3 spam tactic is a natural progression for cyber criminals following runs of image, PDF and Excel junk mail earlier this year. As users become wary of certain file attachments, scammers will move on to their next tactic, ever hopeful of finding the key which will easily open all inboxes rather than having the door slammed in their face by anti-spam filters. Just a few months ago, PDF spam accounted for nearly 20 percent of all image spam. That number has since plummeted to under 1 percent, according to e-mail security company Proofpoint. Video spam and PowerPoint are both anticipated to be used in the future.3,4

SecureWorks senior security researcher Joe Stewart says his first reaction was that audio spam, while clever, is probably destined for a lower success rate, both because of the poor quality of the audio and because of the amount of end user intervention required. "Who's going to open a stranger's MP3 and listen, and what's the chance they'll repeat that action?" says Stewart. "With visual spam, all you have to do is glance." What's more, in many inboxes the visual is displayed as the message is selected, making it hard to avoid seeing.2

MessageLabs postulated that MP3 spam might follow a path similar to that of image spam, which flooded email boxes earlier this year, then morphed into different sorts of exploits, such as attachments hiding on popular photograph (or, in MP3's case, music and video) sites.1

Secure Computing estimates that spam now makes up well over 90 percent of all e-mail. That is up from over 70 percent a year ago.5

1. "Industry Hears First 'Singing Spam'", Dark Reading, October 30, 2007

2. "Audio Spam: Latest Twist on a Security Threat", PC World, October 20, 2007

3. "Latest Stock Spam Technique Launched with 15 Million MP3 Emails", MessageLabs, October 30, 2007

4. "Listen up: MP3 spam on the rise, despite being utterly stupid", Ars Technica, October 30, 2007

5. "Welcome to the Spam Economy", eWeek, March 11, 2007