MP3 spam targets unwary music fans

 

Gallery

By Guy Matthews

Posted on 1 Nov 2007 at 16:31

Spammers have found an innovative new method of spreading malware through MP3 files, according to a new report from MessageLabs.

The MessageLabs Intelligence Report for October claims that spammers have sent at least 15 million emails containing MP3s with music-related file names such as beatles.mp3, britney.mp3 and elvis.mp3. However, instead of the advertised music the MP3s actually contain a 25 second voice-over from an organisation called Exit Only Incorporated.

"The MP3 spam tactic is a natural progression for cyber criminals following runs of image, PDF and Excel junk mail earlier this year," comments Mark Sunner, chief security analyst for MessageLabs.

"As users become wary of certain file attachments, scammers will move on to their next tactic, ever hopeful of finding the key which will easily open all inboxes rather than having the door slammed in their face by anti-spam filters. Video spam and PowerPoint are both well anticipated so watch this space for the next format du jour."

This is the first time that spam hiding inside sound files has been circulated on a large scale and Sunner says that this recent trend proves spamming techniques are becoming more innovative. He predicts that it is only a matter of time before spammers upload malware to free multimedia hosting sites such as YouTube, Google Video or MySpace.

"It's not just the spammers that are trying to latch onto trends and internet user habits," says Mike Greene, vice president of product strategy at security software firm PC Tools.

"We are seeing increased malware traffic via some of the less scrupulous MP3 download sites in areas such as Russia, as well as MP3 and video sharing sites across other regions. Users have to be more vigilant and adopt a less trigger-happy approach to web browsing and start treating unusual and unsolicited emails with greater suspicion."