Stock Pump


steverino

I'm a newbie to this forum so hopefully this is in keeping with the charter of the group.

I'm investigating a flurry of emails recently on Outlook. My email is attracting what I call stock pump and dump. These emails pump a publicly traded penny stock, touting it as the next rising star.

The email has evasion techniques, among them legitimate user and domain spoofing (joe[at]legitimatedomain.com), where of course the actual headers are anything but.

It ends with several paragraphs of text I assume to penetrate email filter defenses.

Most interestingly, the email is a bitmap or JPEG to bypass keyword search. The bitmaps are what I call "stitched" in multi-part, and rendered by Outlook as a series of IMG CIDs like so:

<IMG alt="" hspace=0 src="cid:001601c6b907$250e94a0$f0bdbf44[at]brxloc" align=baseline border=0>
<IMG alt="" hspace=0 src="cid:001701c6b907$250e94b7$f0bdbf44[at]brxloc" align=baseline border=0>
<IMG alt="" hspace=0 src="cid:001801c6b907$250e94ce$f0bdbf44[at]brxloc" align=baseline border=0>

And so on. These images are stitched together by Outlook and rendered as a seamless text message.

I'd like to know if others are seeing the same thing, what is or can be done about it.

On a related question, if I were to implement a filtering function on my emails, is there an open source spam filter or related links that can be shared with this community as a starting point?

Thanks,

/Steverino
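A heuristic for the stitched layout described in the post above, as an added example that is not part of the original thread: it parses a message with Python's standard `email` package and measures the longest run of back-to-back `<IMG src="cid:...">` tags that resolve to attached image parts, so trailing filler text does not hide the pattern. The function names, the `min_run` threshold of 3 and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# One <img> whose src is a cid: reference; group 1 is the Content-ID.
IMG_CID = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?cid:([^"\'\s>]+)[^>]*>', re.I)
# Markup that still leaves two images visually touching.
GAP = re.compile(r"\s+|<br\s*/?>", re.I)

def stitched_cid_images(raw: bytes, min_run: int = 3) -> dict:
    """Report the longest run of back-to-back inline images in the HTML part.

    min_run is an assumed threshold, not a value from the thread.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    html, attached = "", set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html += part.get_content()
        elif part.get_content_maintype() == "image" and part["Content-ID"]:
            attached.add(str(part["Content-ID"]).strip("<> "))
    longest = run = 0
    prev_end = None
    for m in IMG_CID.finditer(html):
        if m.group(1) not in attached:      # dangling reference breaks the run
            run, prev_end = 0, None
            continue
        touching = prev_end is not None and not GAP.sub("", html[prev_end:m.start()])
        run = run + 1 if touching else 1
        longest = max(longest, run)
        prev_end = m.end()
    return {"longest_run": longest, "suspicious": longest >= min_run}

def build_sample(n_images: int, between: str = "") -> bytes:
    """Constructed test message: n inline images plus trailing filler text."""
    cids = [f"img{i}@example.invalid" for i in range(n_images)]
    tags = between.join(f'<IMG alt="" hspace=0 src="cid:{c}" align=baseline border=0>' for c in cids)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("plain-text fallback")
    msg.add_alternative(tags + "<p>Filler paragraph of unrelated prose.</p>", subtype="html")
    for c in cids:
        msg.get_payload()[1].add_related(b"GIF89a constructed", "image", "gif", cid=f"<{c}>")
    return msg.as_bytes()

if __name__ == "__main__":
    print(stitched_cid_images(build_sample(4)))                     # stitched layout
    print(stitched_cid_images(build_sample(2, "<p>Our logo</p>")))  # ordinary newsletter
```

A run length is only one signal; a filter would normally combine it with other scores rather than reject on it alone.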


The New feature request and discussion that spun off the initial posting of the above is all part of that take on the topic. Next, I'm concerned along the lines of "kiddies, don't try this at home." "We" don't know about your security - assume you have it screwed down pretty tight if you're using Outlook in Windows to read graphics spam? Just thinking of things like the occasional external link thrown into the spam body, vulnerabilities in general. Mike Easter over in the NGs recently posted a link to Outlook "best practice" on matters of configuration settings and so on, as explained on an independent site. That would save a whole lot of explanation of things I certainly *do not* have at my fingertips, if it were needed - but I can't get to it from where I am at the moment. But hopefully you know this stuff already?


Yep, these are very common and have been for some time. I report mine to spamcop so the source IP can get blocked. I also forward them to enforcement[at]sec.gov so that they can investigate and take action against the company if they feel they were actually involved.


I get the same stitched spam as well. Submittal usually exceeds the SC parse limit (XXXXX characters, truncate?). Since Gmail pops up attached images automatically, I can actually see the ticker name being pumped. So I forward to the SEC address mentioned by Telarin, and in the comments section I usually add: XXXX stock spam (replace XXXX with the ticker symbol)

If the SEC ever decides to start doing anything about them, adding the ticker symbol to the comment makes it so it'll come up in a text search, since it's not listed anywhere else in the body text.


Archived

This topic is now archived and is closed to further replies.
