MP3 Spam hits the Internet (finally!)


Way back in March, CTO Amir Lev was quoted in a SearchSecurity article as saying that audio spam shouldn’t be too far away. We even went so far as to create some samples in our labs (no, we didn’t give them to any spammers :). And finally, as of late last night, the spammers have unleashed a flood of spam with MP3 attachments across the Internet. Here is some data from our Global Detection Center about the outbreak:

What is it
: spam messages with MP3 attachments. The MP3 files are voice messages promoting stocks. So far, we have identified no viral threat in these messages.

When did it begin: 21:24 GMT on October 17, 2007

How big is the outbreak: The outbreak accounts for around 7-10% of all spam globally.

What characterizes the messages: The messages themselves are much larger than “traditional” spam, even larger than image spam and PDF spam. On average, the size of the message is 85 KB, but have reached up to 147KB. The message contents are mostly empty.

Sample subjects: For the most part, the subjects are empty, containing just “Fwd:” or “Re:”, or the name of the file attachment.

Sample file names: File names are in several categories:

  • Emotional ties, for example: dadsong.mp3, oursong.mp3, weddingsong.mp3
  • Well-known artists and songs, for example: santana.mp3, sayyousayme.mp3, smashingpumpkins.mp3, bbrown.mp3, bspears.mp3, gloriaestefan.mp3, beatles.mp3
  • Other “sounds” that people might want to listen to, for example: answeringmachine.mp3, coolringtone.mp3, listentothis.mp3

The Sound: The sound quality of the recordings is very poor: 16 kbps bitrate and 11 KHz sample rate with an average length of 30 seconds. They are also highly randomized in order to avoid email filters.

Go back