One more file format we can't trust
GCN Insider | Excel, PDF spam clutters inboxes
IronPort Systems, a provider of anti-spam technology, reported last month an outbreak of Excel spam, in which a text message was sent in an Excel file. This followed by little more than a month the appearance of PDF spam, which ' as its name implies ' is spam sent in a PDF file.
'Within hours of their release, Excel and PDF spam represented as much as 17 percent of total spam volumes,' IronPort said in its outbreak report.
That's an impressive figure, given that spam now accounts for anywhere from 75 percent to 90 percent of all e-mail traffic, depending on whose statistics you use.
'The emergence of Excel and PDF spam proves the high degree of spammer sophistication,' IronPort said.
Not necessarily. But it does demonstrate a fairly high level of adaptability on the part of purveyors of unsolicited commercial e-mail.
As spam filters have evolved to intercept more of these messages, spammers have moved from increasingly convoluted plain text to increasingly cropped and chopped text embedded in images.
The use of PDF documents and spreadsheets as delivery vehicles probably was inevitable, and we regret not patenting the technique before spammers started using it. No doubt audio and video spam are right around the corner, along with just about any other file format that can be attached to an e-mail.
Fortunately, anti-spam techniques such as reputation filtering and monitoring of global network traffic can help block these zero-day outbreaks before your inbox becomes overwhelmed. But the ultimate solution to the epidemic of spam is for all of us to just stop opening it or ' God forbid ' responding to it.
The Excel spam example cited by IronPort was a typical pump-and-dump stock scam promising a fivefold return on your euros 'we assume it would work with dollars, too. Well, here's a hot tip: If your broker has any good investment advice for you, he's not going to spam you with spreadsheets. Just delete it.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.