What do you get when you cross spam with MP3 files? The answer, as people have been discovering since August of last year when this unhappy hybrid first appeared, is mass mailed MP3 audio spam, or spaMP3.
Starting at 21:24 GMT Wednesday evening, according to security firm Commtouch, a torrent of new spaMP3 flooded the Internet. The spam messages, which contain short MP3 audio attachments pitching the stock of a company called Exit Only, have accounted for 7% to 10% of all spam globally over the past 18 hours.
Typically, the idea in such a "pump-and-dump" scheme is to prompt people to buy the stock, causing the stock price to rise. Those originating the spam mailing can then sell shares they own at an inflated price, making a profit in the process.
As of 18:00 GMT on Thursday, Exit Only's stock was up about 2.5%.
Like image-based spam, spaMP3 messages are more of a burden to e-mail servers than text-based spam because of their large size -- 85 Kbytes on average.
Commtouch notes that the sound quality of the recordings is very poor because they're recorded at a bitrate of 16 Kbps and a sample rate of 11 KHz, at an average length of 30 seconds. The spaMP3 messages are also highly randomized to avoid being caught by filters.
Kaspersky Lab, which claims to have first detected the outbreak, says that the incident represents the first mass mailing of MP3 spam.
"Users often send each other short audio files with funny recordings -- it seems as though spammers are banking on the fact that users think these files are worth listening to," said Andrey Nikishin, director of Kaspersky Lab's IT security outsourcing operation, in a statement. "A user gets an MP3 file and thinks it's going to be something funny or interesting, so they'll open it. But the spammers are limited in the size of recording they can send, which is why the quality of the recording is very bad. We probably will see more MP3 mass mailings, but they won't have any real effect on our spam statistics."
In its E-mail Threats Trend Report for the third quarter of 2007, released on Tuesday, Commtouch said that global spam levels had reached an all-time high of 95% of all e-mail messages during the quarter.