Excel Spam Forms the Latest Trend
Spammers are using Excel files as the latest program to design pump-and-dump stock scams, according to reports from Commtouch on August 5, 2007.
The maker of e-mail security and anti-spam products, Commtouch Software Ltd., said that it started detecting spam based on the Excel spreadsheet format on July 21, 2007. These unsolicited e-mails promote stocks through attachments using names like 'stock information-3572.xls', 'invoice 20202.xls', and 'requested report.xls'.
Excel has come to naturally evolve from the recent PDF spam and the latter has progressed from image-based spam, said Amir Lev, Commtouch's CTO in a statement. PR-GB.com published Lev's statement on August 5, 2007. The security vendor expects that other file types like the Word document or PowerPoint would also follow the suit creating potentially successful spam, Lev added.
Commtouch explained that the Excel format is used in attachments to help get past spam filters that can only recognize messages with text. This technique was used earlier to disseminate viruses online. Just as in the case of other kinds of spam, the excel-based spam is distributed from compromised PCs or 'bots' that are usually home computers, already infected with Trojan malware. spammers control huge volumes of these bots in massive 'botnets' that they set up to launch malware outbreaks and worldwide spam.
Commtouch noted that malware authors have previously used Excel as a medium to spread viruses such as in a number of attacks in June and July of 2006. These attacks flourished by exploiting flaws in Microsoft programs like Excel, PowerPoint and Word.
The shift to Excel is another twist in spamming operations, said Lev. Users in general link danger with Excel files because hackers use the latter to install malware. Occasional instances of attacks often narrow their focus while using Excel sheets or other formats of Microsoft Office files.
Lev further said that spammers might think, sending spam messages in the garb of Excel format or any other new software would free their e-mails from anti-spam products that assess the message content. However, technologies designed to identify mass e-mail patterns anyway block the different kinds of spam mails irrespective of their format or content.
Related article: Excel Displays Three Holes
» SPAMfighter News - 18-08-2007