Saturday, 21 July 2007

From PDF to XLS: Stock spam

Well well, the spammers change tactics yet again, from the image spam and the pdf spam... to the downright sneeky Excel spreadsheet spam.

As most companies use XLS (and PDF for that matter) the spammers know that companies won't block these extension types, as it'll stop genuine email too.

21st July 2007 timeline

At 16:11 UK time, I received an interesting stock spam sample and started to analyse;
At 17:00 UK time, I was received five more samples.... all XLS spreadsheets.

At 18:05 UK time, the first signature was uploaded to the mirrors:

Email.Stk.Gen598.Sanesecurity.07072000.xls

Here's a screenshot:














Wonder what format is going to be next for the spammers?

No comments: