Well well, the spammers change tactics yet again, from the image spam and the pdf spam... to the downright sneeky Excel spreadsheet spam.
As most companies use XLS (and PDF for that matter) the spammers know that companies won't block these extension types, as it'll stop genuine email too.
21st July 2007 timeline
At 16:11 UK time, I received an interesting stock spam sample and started to analyse;
At 17:00 UK time, I was received five more samples.... all XLS spreadsheets.
At 18:05 UK time, the first signature was uploaded to the mirrors:
Here's a screenshot:
Wonder what format is going to be next for the spammers?