Starting at ~3:20pm GMT today, Canadian Pharmacy spammers began using attached MP3 files as the call-to-action for their latest campaign. The message had no subject, no “text” body content, just an attached “audio/mpeg” file with a random lower case file name.
Upon playing the attached mp3 file, you find out why I called it the “call-to-action”. A robotic sounding woman’s voice reads off the URL they would like recipients to browse to (letter by letter), with porn-like moaning as background noise. I guess they are going for the often used spam tactic of tying ED pills (Viagra, Cialis, etc..) to porn star-like performance in bed.
Here is a re-encoded sample:
Canadian Pharmacy Waveform
Previous runs from these spammers took the more typical “Image spam” form (an attached JPEG). Example:
I am aware of at least one other spam run using attached MP3s, but you would have to go all the way back to 2007: Stock spammers pump up the volume with MP3 files
Yet another example of how willing spammers are to try anything to hide the content of their campaigns from filters. However in this case, I would suspect this technique won’t last for long as the likelihood of recipients opening some blank message with just an attachment, from an unknown sender, is quite low. That said, remembering back to the “Summer of PDF spam” (June/July/August of 2007 where 10-40% of all spam had attached PDFs) suggests they may not care if very few recipients open their spam.