Friday, March 9, 2007

Who Names These Things?

Yesterday, the SEC launched Operation Spamalot to combat pump-n-dump stock fraud that utilizes spam to artificially 'pump' some penny stock price. Aside from thinking that the name is atrocious and feeling sorry for Eric Idle, I think this is a good idea. Pump-n-dumps are an old trick, only the spam part is new.

So starting today, if your stock symbol shows up in spam, the SEC will suspend trading of your stock. They've already suspended 35 companies.

Aviram Jenik at Securiteam is concerned that this could be used to perform DoS attacks against bigger stocks. While technically possible, it's unlikely for a number of reasons. First, unlike firewalls receiving shun commands from IDS sensors, there will be people making these decisions. Second, if you look, it's pretty easy to see a pump-and-dump on paper. I collected some examples from stock spam I got this morning for you to look at. I'll bet you can see one way to differentiate them from the big boys right off the bat. The trading history tells the rest of the story.


No comments: