Jump to content

Stock Pump


Recommended Posts

I'm a newbie to this forum so hopefully this is in keeping with the charter of the group.

I'm investigating a flurry of emails recently on Outlook. my email is attracting a what I call stock pump and dump. These emails pump a publicly traded penny stock, touting it as the next rising star.

The email has evasion techniques, among them legitimate user and domain spoofing (joe[at]legitimatedomain.com), where of course the actual headers are anything but.

It ends with several paragraphs of text I assume to penetrate email filter defenses.

Most interestingly the email is bitmap or jpeg to bypass keyword search. The bitmaps are what I call "stitched" in multi-part, and rendered by outlook as a series of IMG CIDs like so:

<IMG alt="" hspace=0

src="cid:001601c6b907$250e94a0$f0bdbf44[at]brxloc" align=baseline

border=0><IMG alt="" hspace=0

src="cid:001701c6b907$250e94b7$f0bdbf44[at]brxloc" align=baseline

border=0><IMG alt="" hspace=0

src="cid:001801c6b907$250e94ce$f0bdbf44[at]brxloc" align=baseline


And so on. These images are stitched together by outlook and rendered as a seamless text message.

I'd like to know if others are seeing the same thing, what is or can be done about it.

On a related question, if I were to implement a filtering function on my emails, is there an open source

spam filter or related links that can be shared with this community as a starting point?



Link to comment
Share on other sites

The New feature request and discussion that spun off the initial posting of the above is all part of that take on the topic. Next, I'm concerned along the lines of "kiddies, don't try this at home." "We" don't know about your security - assume you have it screwed down pretty tight if you're using Outlook in Windows to read graphics spam? Just thinking of things like the occasional external link thrown into the spam body, vulnerabilities in general. Mike Easter over in the NGs recently posted a link to Outlook "best practice" on matters of configuration settings and so on, as explained on an independent site. That would save a whole lot of explanation of things I certainly *do not* have at my fingertips, if it were needed - but I can't get to it from where I am at the moment. But hopefully you know this stuff already?

Edited by Farelf
Link to comment
Share on other sites

Yep, these are very common and have been for some time. I report mine to spamcop so the source IP can get blocked. I also forward them to enforcement[at]sec.gov so that they can investigate and take action against the company if they feel they were actually involved.

Link to comment
Share on other sites

I get the same stitched spam as well. Submittal usually exceeds the SC pars limit (XXXXX characters, truncate?) Since Gmail pops up attached images automatically, I can actually see the ticker name being pumped. So I forward to the SEC address mentioned by Telarin, and in the comments section I usually add: XXXX stock spam (replace XXXX with the ticker symbol)

If the SEC ever decides to start doing anything about them, adding the ticker symbol to the comment makes it so it'll come up in a text search, since it's not listed anywhere else in the body text.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...