[funsec] How Lucrative is Pump-and-Dump Spam?

Fergie fergdawg at netzero.net
Fri Mar 9 16:50:25 CST 2007

Hash: SHA1

Obscene. :-)

This is an example of some fun we have been having in the office
the past few months -- watching Moriarty's "fantasy" pump-and-dump
stock investments.

Via the Zero Day Blog.


Are pump-and-dump spammers really making money from hyping penny stocks in
e-mails? Paul Moriarty has the answer and it's an eyebrow-raising sight.

Over the last month, Moriarty, director of product development for Internet
Content Security at Trend Micro, has been running a virtual portfolio of
selling short on stocks found during spam runs. After 22 transactions in a
five-week period, he has earned a whopping $25,610.

Short selling (shorting) a stock is the act of profiting from a stock price
going down. A short seller will typically borrow a security and sell it,
expecting that it will decrease in value so that they can buy it back at a
lower price and keep the difference.

During Moriarty's research, he used data from pump-and-dump e-mails
flooding into Trend Micro's spam honeypots. "As soon as I see activity on a
particular stock, I'll short that and set a limit to cover after I've made
10%. In just over five weeks, I've turned a 25.6 percent profit on a
$100,000 virtual portfolio. This is exactly what these spammers are doing.
It's risky business but it's easy money," Moriarty said in an interview.

"I made money on every transaction," he added.



- - ferg

Version: PGP Desktop 9.5.3 (Build 5003)


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog: http://fergdawg.blogspot.com/

More information about the funsec mailing list