Thorsten Holz, a graduate student at the Laboratory for Dependable Distributed Systems at University of Mannheim in Germany, and his co-author, Rainer Böhme of the Technische Universität Dresden, found that the price of the 93 stocks for which they could find historical data rose an average of 1.7 percent on the day that one or more e-mail messages referenced the stock. The following day, the stock price declined 0.9 percent on average, but rose by the same amount on the second day after the spam had been received. A higher volume of spam targeting a particular stock generally resulted in a greater increase in the price of that stock, the researchers found.

"Investors pay attention and feel that (a vulnerability announcement) signals poor quality of the product and reputation loss for the firm and, hence, are willing to punish them," Rahul Telang, assistant professor of information systems at Carnegie Mellon University and co-author of the paper, said in an e-mail interview. "Therefore, we found evidence that such disclosure does create incentives for vendors to invest in better security."