Excel, the New Attack Instrument for Pump-and-Dump Scammers

By using Microsoft Excel software, pump-and-dump scammers are now delivering their fraudulent schemes by employing another new technique to bypass anti-spam filters.

E-mail security vendor Commtouch Software detected a series of spam mails on July 21, 2007 that had embedded Excel attachments named as "stock information3572.xls" and "invoice20202.xls".

As is typical of pump-and-dump scams, the Excel spreadsheets contain the message canvassing shares of few low traded companies at false high prices. The fraudsters, who had already purchased the shares in their actual lower prices, entice others to buy them. When this new demand raises the stock prices, the scammers dump their holdings, making significant profits.

Like the usual treatment of spam mails, the new Excel spam is also sent out from zombie armies of computers or 'bots', which are home PCs previously infected by Trojan. spammers operate these bots within huge networks called 'botnets' that the crooks utilize for launching malware attacks or global spam.

Excel spam has naturally come to evolve from the recent PDF spam, which developed from image spam. It won't be a surprise if spam follows in formats of other file types as well like the PowerPoint or Word file, said Amir Lev, chief technology officer of Commtouch. Commtouch reported this on July 23, 2007.

As hackers use Excel files to deliver malware, people are beginning to associate them with danger. Intermittent attacks that focused narrowly and use Excel spreadsheets or/and other file format in Microsoft Office have been hurled since 2006. For instance, according to MessageLabs' report in June 2007, in 95% of total targeted attacks, at least one spam message sent to one user featured an Office file attachment.

Similarly, PandaLabs reported in July 2007 about a HiddenXLS.A virus that attacks Excel files on an affected computer. This virus searches for all files named with .xls extension stored in the infected system and mapped drives to join an executable file at the starting of these .xls files. This way, the extension name changes to .exe, which allows malicious code to run whenever the user attempts to open the file document.

Related article: Excel Displays Three Holes

» SPAMfighter News - 8/3/2007