Since we first wrote about the BBB phishing emails, we’ve seen variants change from forging BBB complaint letters to false IRS criminal investigation notices to FTC investigation notices. We’re now seeing messages from the same phishing group posing as “Proforma” invoices, now being sent with a Word document attachment (actually MS Word this time, not RTF doc files as in the other BBB/IRS phishing scheme).
Recently I took a look at the Rustock trojan in order to see what the financial motive behind it was. No surprise, as it turns out the motive is spam. Using a sandnet, I injected myself into the botnet - able to capture (and blackhole) a small portion of the spam being sent through the system. And, as with a lot of spam these days, it′s the pump-and-dump kind - spam touting penny stocks to would-be investors.
The specific spam sent by the Rustock botnet a few days ago can be seen at right. The stock being promoted is a penny stock that trades at fractions of a cent on a normal basis. I tracked both the spam and the stock price over the course of a few days, and did a few calculations.