14 DAY TRIAL // Security researchers tied the activities of a spam botnet with pump-and-dump stock fraud that took place between October 22 and November 18, 2015, and targeted the shares of Indie Growers Association Inc. (NYSE: UPOT).
The Waledac (Kelihos) botnet was first discovered in 2008 but reached its peak in 2011. While the Waledac malware came in multiple versions and had various capabilities that ranged from info-stealing functions to spyware features, it always remained a spam bot at its core, functionality that it continued to exhibit all these years.
In a controlled environment, from October 22 to November 18, 2015, Symantec researchers have seen computers infected with Waledac attempting to send over 35,361 spam emails, with 141 different email subjects.
Pumping up stock shares for an independent marijuana grower
Researchers analyzed the spam email and observed that a large portion of the spam was part of a classic pump-and-dump operation and that most of the emails were trying to "pump up" the stock of marijuana grower Indie Growers Association (UPOT).
The campaign that targeted UPOT started on November 7 and lasted for the next 11 days. Surprisingly or not, on the first day the campaign started, and before most spam filters would get to flag these emails as spam, UPOT's stock chart doubled, growing from a closing price of $0.06 to $0.12.
By the end of the second day, more than 300,000 shares were traded, and by the end of the eleven-day spam campaign, stock even reached $0.16.
Spammers made a few tens of thousands of dollars
Based on market numbers, Symantec estimates that the people behind the spam campaign could have made around a few tens of thousands of dollars if they bought cheap stock before the campaign started, and sold it at its highest point.
Because of the small number of transactions and the low estimated damages figure, the US Securities and Exchange Commission (SEC) was not alerted and there's no investigation under way.
"The Waledac botnet continues to be one of the most prevalent spam botnets on the threat landscape, pushing a variety of scams," Symantec explains. "Its continued existence and resiliency against takedown efforts over time shows that Waledac is not likely to disappear off the threat landscape anytime soon."
