October 18, 2007 - 12:00
London, UK – GFI Software, a leading developer of network security, content security and messaging software, today announced it is tracking a new method through which spammers send messages with MP3 attachments that contain the latest pump-and-dump stock scams.
The spam is a short, 30-second MP3 file recorded at low bit-rate with a synthetic female voice promoting a particular stock; the voice heavily distorted to avoid signature-based anti-spam approaches (click here to listen to an edited sample of MP3 spam).
Spammers are taking advantage of the fact that the MP3 format is one of the most common in use today and that most anti-spam solutions do not handle attachments very well because they do not actually analyze the attachment content.
"MP3 spam is a natural progression from PDF and Excel spam whereby spammers are exploiting a new file format to be able to send spam. This is their latest attempt to evade anti-spam filters. There is also a social engineering aspect to this tactic because people frequently share MP3 files," David Vella, Director of Product Management, said.
To address the MP3 spam threat, administrators need to deploy as many anti-spam techniques as possible, including Bayesian filtering, while at the same time maintaining a very low level of false positives. Additionally, administrators can block attachments or place restrictions on allowable sizes to weed out unwanted material.
GFI MailEssentials™ includes a second generation Bayesian filtering engine. This goes beyond the simple analysis of text but also examines the form and attributes of attachments. The benefit of spam detection via Bayesian filtering is that the technology automatically tunes itself to each customer-specific email profile, rather than relying on one ‘rule set’ for all customers like other rules-based anti-spam products do. With this second generation Bayesian filtering technology, GFI is at the forefront of anti-spam technology thus allowing the company to effectively deal with the constantly evolving spam techniques.
Users of GFI MailSecurity™ can also use the content filtering feature to filter out spam that is downloaded to the email client based on attachment file type or size.
For information on GFI’s anti-spam and anti-phishing solution, GFI MailEssentials, visit http://www.gfi.com/mes/. For information on GFI’s antivirus, anti-spyware and anti-malware solution, GFI MailSecurity, visit http://www.gfi.com/mailsecurity/.
About GFI MailEssentials
GFI MailEssentials offers anti-spam for Exchange server and other email servers and eliminates the need to install and update anti-spam software on each desktop. GFI MailEssentials offers a fast set-up and a high spam detection rate using Bayesian filtering and other methods. With very low false positives, GFI MailEssentials will eliminate over 98% of the spam from your network as well as detect and block phishing emails and hard to catch image-spam through a Botnet/Zombie check. GFI MailEssentials also adds email management tools to your mail server: disclaimers, mail monitoring, Internet mail reporting, list server, server-based auto replies and POP3 downloading.
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium-sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.