Last fall, the Waledac botnet participated in a pump and dump stock spam campaign that resulted in a 100% increase in value for the targeted stock.The Symantec Security Response team explains in a blog post how the botnet targeted the stock of Indie Growers Association (UPOT), a company which has been linked to the cultivation of marijuana and to skyrocketing stock prices:“Between October 22 and November 18, 2015, Symantec observed, in a controlled environment, the Waledac botnet attempting to send out 35,361 spam emails from a single bot,” the security firm states. “Analysis of the spam emails showed a total of 141 unique email subjects being used. Further analysis showed the emails being related to stock pump and dump, click fraud, scams (e.g. lonely hearts), phishing, and money mule recruitment.”A stock pump and dump campaign consists of artificially inflating the a stock’s value by sending out misleading statements about that stock. In most cases, the individual(s) responsible for the campaign purchase shares cheaply with the intent to sell them at a higher price and make a profit. This type of activity is considered fraud.Beginning on November 7th, Waledac, which has been around since 2008 and which has survived several takedown attempts, began an 11-day run to promote UPOT.
An example of the spam email observed.On the first day of the campaign, UPOT was worth $0.08. Not two weeks later, the value of the stock had risen to $0.16, an increase in value which likely netted the culprits tens of thousands of dollars based upon the volume of shares traded.Due to the small number of transactions and the low damages figure, it is unlikely that the Securities and Exchange Commission (SEC) will get involved, Softpedia writes.“The Waledac botnet continues to be one of the most prevalent spam botnets on the threat landscape, pushing a variety of scams. Its continued existence and resiliency against takedown efforts over time shows that Waledac is not likely to disappear off the threat landscape anytime soon,” Symantec concludes.News of this fraudulent activity follows just two months after three men were indicted in the 2014 JP Morgan hack and for orchestrating a pump and dump penny stock campaign of their own.