Funny guy: What's the secret of great comedy?
Straight man: I don't know, what is the secret of gr...
Funny guy: Timing.
And timing is also the secret to profitable stock kiting. In my previous post, I quoted Symantec's Amado Hidalgo, who hinted that the Trojan writers appeared to be working to a deadline. Presumably it was a deadline imposed by their stock-kiting scam-masters.
I'm guessing from the date of the blog post that the "burst of almost 1,800 emails" that Hidalgo talks about would have been over the weekend, or certainly before the markets opened on Monday.
Yes, timing is everything when encouraging fools to part with their cash. The botnet needs to be ready to spew out its quota of kiting come-ons at what the scammers calculate is just the right moment:
Too soon, and they risk clever day-traders buying in on the upswing and cashing out before the scammers do, thus reducing the ill-gotten profits
Too late, and the regulators might take an interest in the scammers' unusual transactions, before the scammers have had a chance to cash out and launder the profit
Not only that, but the spam needs to be sent in as short a time as possible -- in one, concentrated burst. If it's too spread out, the scammers can suffer either or both of the problems above. I conclude that this is why we're seeing these new botnets send a load of messages quickly, then falling silent -- as opposed to dribbling out fewer over a longer period.
This new strategy risks quicker discovery, but there seems to be no end to virus writers' ingenuity in infecting new victims' PCs.