Subscribe

Spammers use Excel to cloak malware

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 24 Jul 2007

Spammers are using Microsoft Excel as the newest packaging for their stock pump-and-dump scams, says Commtouch, a Nasdaq-listed anti-spam technology provider. The finding is based on the company's analysis of billions of e-mail messages globally.

"Like other types of spam messages, the Excel spam is being sent from zombie computers or bots - typically home PCs that have previously been infected by Trojan malware," the company says in a media statement.

The Excel spam packaging promotes stocks in file attachments with names like "invoice20202.xls", "stock information-3572.xls", and "requested report.xls".

Commtouch CIO Amir Lev says Excel is a natural progression after a recent spate of PDF spam.

"We expect other file formats to follow suit. Think of the spam potential in PowerPoint files, or Word documents," he says.

Global spam traffic

Last week, Commtouch released its "Email Threats Trend Report" for the second quarter of 2007. The report showed PDF-spam comprised 10% to 15% of global spam messages during a 24-hour period, increasing overall global spam traffic by 30% to 40%.

Image spam dropped 50%, to less than 15% of all spam in that period. In the previous quarter of the year, image spam accounted for 30% of all spam in the first quarter of 2007.

The report also showed global spam levels remained high, with 85% to 90% of all global e-mail being spam.

Lev notes that spammers may assume that by wrapping the same message in a new format, they will bypass most anti-spam engines that try to analyse the content of mail messages.

However, technologies that rely on identifying patterns in mass e-mails block these types of messages automatically, regardless of the content or format.

Malware writers have used Excel in the past as a carrier for viruses. In June and July 2006, a series of attacks exploited vulnerabilities in Microsoft software, including Excel, Microsoft Word, and PowerPoint.

Related stories:
New malware trends breach defences
No end to spam
Worm bypasses gatekeepers
Global spam soars 30%
Challenging year ahead for anti-virus solutions

Share