Tuesday, July 24, 2007

Spam, Excel and Zip, a new trend.

Several days ago I started noticing email messages on my spam honeypots that carry ZIP-packed Excel files. When opened, these Excel files promote the pump-and-dump schemes that spam mails are now notorious for. Using ZIP files as a carrier for malicious files is already a known routine of many malware families, such as Bagle. Using ZIP as a carrier or as part of a spam scheme, however, is quite new and may be a social engineering tactic more than anything else. The fact that the email arrives as an Excel file packed in a ZIP may have more to do with an attempt to lend credence to a stock-related email at a time when authorities are seriously running after pump-and-dump spammers. That the spammer chose Excel, an application usually associated with accounting and money, may not be a coincidence either.