July 2007 Archives

One of the rocket scientists over at Spam Central has plumbed new depths in the search for novel ways to deliver their stock spam. They've started sending Excel spreadsheets ... compressed as zip archives. The documents promote EXMT.PK and are stylistically similar to other Excel spams promoting the same company's stock on the Frankfurt exchange (sent only to German addresses, we've only seen examples of these in backscatter).

Aside from the fact that zip attachments are 'delete on sight' for 99.99% of the anti-spam and anti-virus solutions out there, I really can't see anything wrong with this idea at all.

Security vendor BitDefender has reported that the number of spam messages with PDF attachments dropped recently.

Having just checked our traps and found large numbers of PDF spams advertising SREA.OB (again) and SZSN.OB (again), I can't help wondering if BitDefender is connected to the same Internet that we are.

As previously reported, stock spammers are now increasingly using attached PDFs to carry the payload of their messages. Recently, PDFs even seem to have replaced plaintext stock spam. Out of curiosity, I graphed the trends since the start of the year.

Ex Spamfrica, semper aliquid novi. PDF spam is only a few weeks old, and the stock spammers are already trying something new. Check your mailbox for the first wave of stock spam sent as Excel spreadsheets (.xls).

One of the things that makes stock spam so hard to fight is that it's easy for the spammers to disassociate themselves from their messages. They don't need to give out a telephone number, an email address or the name of a website. They just need to send out the name of a stock that they're interested in and hope someone will buy. In theory, you might try to correlate spam campaigns with trading activity and identify the interested parties that way, but that's slow and complex, and the evidence tends to be circumstantial at best. For this reason, the identities of the big stock spammers are still mostly a mystery.