Avatar

Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.

AAPL spam

Until now, most stock related spam touted penny stocks exclusively. A smaller group of new investors can have a more dramatic effect on the price of a low volume trading stock. Additionally, the low price of penny stocks might actually encourage some segment of the spam’s recipients to participate in the scheme in an attempt to turn a profit.

According to the Composite Blocking List (CBL) the source of this latest round of stock spam is Slenfbot.

CBL listing

As recently as September 18, 2013, the same Slenfbot IP that sent the AAPL spam was touting a different stock: ALAN. ALAN is the stock symbol for Alanco Technologies Corporation, which normally trades between $0.40 and $0.80 on a daily trading volume of around ten thousand. AAPL, in contrast, is trading currently at $474.79 with an average daily trading volume of close to thirteen million.

The spam itself is unremarkable. It contains no links, just information about some undisclosed new gadget soon to be unveiled by Apple. While there have been rumors of a smartwatch type device floating around, this claim may also be a ruse to generate additional AAPL stock purchases. It is unclear how recipients of this spam will respond, given the lofty price of AAPL stock. (Apparently this is no barrier to entry for the spam senders.)

In light of all this, one central question remains. Could Slenfbot actually move the needle on AAPL stock enough to turn a profit for the botnet’s masters?

 

Thanks to Mary Landesman for her assistance writing this blog post.



Authors

Jaeson Schultz

Technical Leader

Cisco Talos Security Intelligence & Research