Dope growing stock gets high on Waladec botnet

Pump and dump spam from the notorious Waladec botnet may have netted fraudsters tens of thousands of dollars by triggering a brief spike in the stock price of a US marijuana cultivation firm.

Security firm Symantec has plotted out evidence that links unusual trading activity in Indi Growers Association’s stock in November to a burst of pump and dump spam from Waladec that month.

Waladec, also known as Kelihos, has been around for several years and has been the subject of numerous attempted takedowns, the last of which occurred in 2012.

As Symantec notes, the botnet has been used to collect credentials from compromised computers and perform denial of service attacks, but it’s mostly known for using infected computers to distribute spam.

Indi Growers Association is based in Washington, where medical and recreational marijuana use is legal. The company says on its website that it aims to lease large-scale greenhouses to growers of medical-grade marijuana.

However, more interesting than the firm’s industry is its stock (UPOT), which was trading at $0.59 in January but had settled at US$0.05 by October 8, where it remained until November 1.

Symantec speculates the pump and dump perpetrators chose the stock for its historically volatile price. Spam runs promoting UPOT began on November 7 and lasted 11 days to November 18, according to Symantec, during which time UPOT peaked at $0.16.

While it can’t be proven that the pump and dump spam caused the spike, the botnet is capable of distributing a lot of spam to potential investors. Symantec said it observed a single bot sending over 30,000 spam in a month. Historically, Waladec has had between 40,000 to 100,000 bots at disposal.

There’s also a correlation between Waladec’s UPOT spam and UPOT’s price, but more tellingly a flurry of trading as the price began to climb. Two days after Waladec’s ‘buy UPOT’ spam began, the stock jumped to $0.08 and on November 9 reported “unusual trading” in the stock.

“UPOT, Indie Growers Association, displayed unusual trading activity shuffling nearly 300,000 shares in today’s session up nearly 100% intra-day slapping .12 cents, up from its prior close of just around .06 cents,” the trading site reported.

It’s probably no coincidence that on November 18 — the day Waladec’s UPOT spam ended — UPOT’s price peaked at $0.16 when the fraudsters would likely have begun dumping the stock. UPOT was trading at below $0.05 by January 1, 2016.

“While it’s difficult to put a figure on the profit that the perpetrator of this pump and dump scam may have made, given the volume of shares traded around this time we would estimate it to be potentially in the tens of thousands of dollars,” Symantec’s security response team noted.

Read more: Google distrusts “widely trusted” Symantec root certificate

Participate in CSO and Gigamon's survey on Security Priorities today!

Go into the draw for a chance to win an Apple iWatch Sports or the equivalent of $500 Visa Cashcard.

For full terms and conditions click here.

Start survey NOW!

Read more: Australians overconfident on security prowess despite surging toll of breaches

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags symantecwashington​Waladec botnetmarijuana cultivationIndi Growers AssociationKelihos

More about AppleCSOGigamonSymantecVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts