Spammers Use Excel to Cloak Malware

Spammers are utilizing Microsoft Excel as the newest packaging for their spam, says Commtouch, a Nasdaq-listed anti-spam technologies provider. The obtaining is based on the company’s analysis of billions of email messages globally.

“Like other varieties of spam messages, the Excel spam is becoming sent from zombie computers or bots usually property PCs that have previously been infected by Trojan malware,” the firm says in a media statement.

 

MCTS Certification, MCITP Certification
Best Comptia A+ Training | Comptia A+ Certification 2000+ Exams at Examkingdom.com

The Excel spam packaging promotes stocks in file attachments with names like “invoice20202.xls,” “stock information-3572.xls,” and “requested report.xls.”

Commtouch CIO Amir Lev says Excel is a natural progression soon after a recent spate of PDF spam, which itself was a development from basic image spam.

“We anticipate other file formats to follow suit feel of the spam possible in PowerPoint files, or Word documents,” he says.

Other file formats Commtouch lately released its Email Threats Trend Report for the second quarter of 2007. The report showed PDF-spam made up 10-15% of global spam messages throughout a 24-hour period, increasing overall global spam targeted traffic by 30-40%.

Image spam dropped 50% to less than 15% of all spam in that period. In the prior quarter of the year, image spam accounted for 30% of all spam in the initial quarter of 2007. The report also showed global spam levels remained high, with 85-90% of all global email becoming spam.

Lev says spammers assume that by wrapping the very same message in a new format, they will bypass most anti-spam engines that try to analyze the content material of mail messages.

On the other hand technologies that rely on identifying patterns in mass emails block these sorts of messages automatically, regardless of the content or format.

Malware writers have utilised Excel in the past as a carrier for viruses. In June and July 2006, a series of attacks exploited vulnerabilities in Microsoft software program, such as Excel, Microsoft Word, and PowerPoint.