News Stay informed about the latest enterprise technology news and product updates.

Spam crackdown: Bloggers take on the SEC

This week in Security Blog Log: The Securities and Exchange Commission's crackdown of 35 accused spam pushers is getting a mixed reception by bloggers.

The Securities and Exchange Commission (SEC) got a lot of attention last week when it suspended the trading of 35 companies it accused of pushing "recent and repeated spam email campaigns."

The commission ordered the trading suspensions -- part of an effort it calls Operation Spamalot -- because it questioned the accuracy of information about the companies involved. The SEC's main target is potentially fraudulent spam email hyping small company stocks with phrases like, "Ready to Explode," "Ride the Bull," and "Fast Money."

"It's estimated that 100 million of these spam messages are sent every week, triggering dramatic spikes in share price and trading volume before the spamming stops and investors lose their money," SEC Chairman Christopher Cox said in a statement on the SEC Web site. "When spam clogs our mailboxes, it's annoying. When it rips off investors, it's illegal and destructive."

Obviously something has to be done, but such draconian measures seem like they're probably going to fail in the end.
Kurt Wismer,
computer scientistAnti-Virus Rants blog

Security bloggers applauded the SEC's efforts this week, but there's plenty of skepticism over the long-term benefits of the crackdown. Some even worry that Operation Spamalot could end up hurting people who don't deserve it.

"I think it's kind of interesting that the SEC has decided to halt trading of companies that have been the subject of stock spam ... interesting in a 'how many ways can this go wrong' sort of way," computer scientist Kurt Wismer wrote in his Anti-Virus Rants blog. He referred readers to a point Beyond Security CEO Aviram Jenik made in the SecuriTeam blog about the potential problems Operation Spamalot presents.

Jenik wrote that the SEC is doing the right thing by fighting stock spam.

"The best way to fight the 'pump and dump' schemes is through the body that is responsible for controlling stock trading," he said.

But he also sees a "slippery slope" where companies could be wrongly punished because their stock appears in a spam message they had nothing to do with. "Is it the company's fault that someone is running a scheme on their stock?" he asked. "Quite the contrary … The company's stock usually takes a dive, and unless the company's owners are in on the scheme they have the most to lose from this fraud."

About Security Blog Log:
Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at

Recent columns:

Blogosphere highlights DST security concerns

Black Hat RFID controversy has bloggers up in arms

Microsoft takes a blogosphere beating over Vista UAC

Wismer wrote that a company could send out fake stock spam made to look like it's coming from a competitor in hopes of getting trading of the competitor's stock suspended.

"Obviously something has to be done, but such draconian measures seem like they're probably going to fail in the end," he said of the SEC's tactics. "Aside from the fact that our inboxes get deluged with the stuff, isn't the key to the stock spammer's success the fact that the recipients are purchasing the stock in ignorance [and] couldn't that ignorance be addressed?"

He also wondered if those who buy such stocks get a warning about the fact that the stock has been spammed and that "if they're buying it purely on the word of some email they received they may be deceived?"

While there is the possibility that the wrong companies could be punished in an effort like Operation Spamalot, security giants Symantec Corp. and McAfee Inc. make another point in their blogs: The spammers are making so much money right now that they are unlikely to be deterred by the SEC's crackdown.

"Until the people behind the spamming are caught, this type of scam will probably continue," Josh Harriman wrote in the Symantec Security Response blog. "The possible financial gain is such that the individual(s) responsible will probably continue taking these risks."

Kevin McGhee agreed in the McAfee Avert Labs blog.

"It is good to see something being done about this variant of spam but I wonder if this going to work," he wrote.

He noted that a stock spam campaign usually lasts a few days or weeks. "The examples given in the SEC's press release were stocks that were being spammed in September, December, and January but the trading suspensions will last for just 10 business days," he wrote. "In the past two days we have observed at least 14 different stocks being spammed and only one of which appeared on the SEC's list of 35."

While the SEC's tactics may have some merit, he said, "it will ultimately fail unless the spammed stocks can be suspended on first sight of spamming activity."

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.