Forget image spam or even attachment spam. Get ready for audio spam. Two British companies say they've detected a new kind of spam that could be even more annoying than the old-fashioned kind, if that's possible.
Earlier this week, spammers loaded up tens of thousands of e-mails with short 30-second audio "'commercials" and let them fly across the Internet.The audio file bragged about a small company's impressive revenue growth and urged recipients to purchase its stock. In fact, the language was almost identical to that used in image spam, in vogue early this year, and Adobe Acrobat attachment spam, which hit this spring. It's not yet clear if audio spam is the next big thing, but it is a small leap forward in spam technology.
Many consumers who wouldn't open other kinds of attachments think nothing of opening an audio file, as they are generally considered safe. To make the clips more enticing, many are named after famous recording artists, such as elvis.mp3, britney.mp3, or beatles.mp3, says e-mail security firm MessageLabs.
The company said it began seeing a steady stream of these files at 11 p.m. British time (6 p.m. ET) on Wednesday. The company's filters were trapping 10,000 messages per hour by midday Thursday, it said.
The spam is obviously designed to evade anti-spam filters, which have recently gotten wise to image spam and attachment spam but apparently still let many .mp3 files reach recipients.
"Mp3 spam is a natural progression from PDF and Excel spam," said David Vella, director of Product Management at British-based GFI Software, a computer security firm that also spotted the audio spam with its anti-spam technology."There is also a social engineering aspect to this tactic because people frequently share .mp3 files."
Users who click on the file first hear an alarm sound reminiscent of the radio Emergency Broadcast System. Then, they hear a synthetic female voice hawking the stock.
It's not clear how successful such stock scams are, but the Securities and Exchange Commission has announced several investigations in the past 12 months. On Oct. 3, the SEC halted trading in three companies after a round of stock spam. On March 8, it suspended trading in 35 companies. The agency said then that about 100 million stock spam messages were being sent every week.