Spammers have turned to ZIP files to push pump-and-dump scam emails past filters, researchers said this week.
Commtouch’s lab disclosed on Tuesday that spammers are distributing email runs with ZIP files containing a text file with a stock promotion. The attachments are sometimes password-protected, according to Commtouch.
The files, however, cannot be opened by common ZIP file utilities built into Windows operating systems, and require compression tools like winrar. The use of an uncommon application may either be a strategy to bypass filters or an error by the spammer, according to Commtouch.
The Israel-based firm noted that the spam’s subjects often contain words like invitation, alert, notice, unpaid, article, invoice and document, as well as empty subjects.
Menashe Eliezer, head of the spam detection lab at Commtouch, told SCMagazine.com today that the ZIP files are checking for niche groups to attack.
"It works to bypass traditional anti-spam solutions, were end users might have an application for using a ZIP file," he said. "[The attacks] seem to go across the board and see the differences in some areas, then they check what kind of attack is most successful in bypassing anti-spam solutions."
Researchers at Sophos today called the ZIP spam a "strange example of a different file format" on the lab’s blog.
"RAR is a, relatively, popular proprietary archive format that has many plus points as an archiver. However, the minus points are that it is not universally installed or available to the majority of computer users," Sophos researches posted on the company blog. "By using RAR, the spammers have effectively shot themselves in the foot as the number of people capable of extracting the archive, and reading the spam message, has been greatly reduced."
At the time, Amir Lev, Commtouch chief technology officer, told SCMagazine.com that the use of Excel files is "a natural progression," and said that he expected the trend to continue using PowerPoint or Word documents to package unwanted mail.
Last month, Commtouch researchers reported a spike in PDF spam that, because of the size of the messages used, increased global spam traffic by as much as a third.
Click here to email Online Editor Frank Washkuch.
Click here for the latest SC Magazine Podcast – July 30, 2007: Is the iPhone an IT security threat?