A few more tidbits from the front-lines in the war against spam.

PDF stock spam remains popular, but zip spam is also being sent out in large volumes. Some of the attached zip archives contain Excel spreadsheets, but we've also seen plain text documents that have been sent this way. As a reminder, zip files can contain all kinds of nastiness, so you're better off leaving them unopened.

PDF spam is overwhelmingly used for stock spam, although we've had a handful of pharmacy spams using the format. The pharmacy spams are dressed up to look like an 'official notice' that your 'account' with some fictitious pill company has been 'moved' to a different server. As previously reported, PDF and zip spam now predominate, but we're starting to see a few traditional plaintext spams again, including some advertising stocks on the Frankfurt exchange.

Meanwhile, the phishers have a new twist. We just received a phish claiming to be from registrar GoDaddy. Any recipient who was foolish enough to fall for the scam would essentially give up control of their domains to the scammer, allowing them to commit all kinds of mischief, from holding the domain for ransom to reusing it in a second-stage phishing scam. If you do own a domain, it's worth making sure that the address you use to communicate with your registrar is a special, private address, not the published contact address for your domain or any other publicly-published address. That way you can immediately throw away any messages that appear to come from your registrar but which go to the wrong address (the same tactic works for dealings with your bank, Amazon or anything else that might be a target for phishers).

Incidentally, the GoDaddy phish was addressed to an address that is not a registered contact address for any domain, so the spammers aren't yet performing much in the way of social engineering 'due diligence'. Expect that to change, and the phishes to become more sophisticated in future.