One more file format we can't trust

GCN Insider | Excel, PDF spam clutters inboxes

IronPort Systems, a provider of anti-spam technology, reported last month an outbreak of Excel spam, in which a text message was sent in an Excel file. This followed by little more than a month the appearance of PDF spam, which ' as its name implies ' is spam sent in a PDF file.

'Within hours of their release, Excel and PDF spam represented as much as 17 percent of total spam volumes,' IronPort said in its outbreak report.
That's an impressive figure, given that spam now accounts for anywhere from 75 percent to 90 percent of all e-mail traffic, depending on whose statistics you use.

'The emergence of Excel and PDF spam proves the high degree of spammer sophistication,' IronPort said.

Not necessarily. But it does demonstrate a fairly high level of adaptability on the part of purveyors of unsolicited commercial e-mail.

As spam filters have evolved to intercept more of these messages, spammers have moved from increasingly convoluted plain text to increasingly cropped and chopped text embedded in images.

The use of PDF documents and spreadsheets as delivery vehicles probably was inevitable, and we regret not patenting the technique before spammers started using it. No doubt audio and video spam are right around the corner, along with just about any other file format that can be attached to an e-mail.

Fortunately, anti-spam techniques such as reputation filtering and monitoring of global network traffic can help block these zero-day outbreaks before your inbox becomes overwhelmed. But the ultimate solution to the epidemic of spam is for all of us to just stop opening it or ' God forbid ' responding to it.

The Excel spam example cited by IronPort was a typical pump-and-dump stock scam promising a fivefold return on your euros 'we assume it would work with dollars, too. Well, here's a hot tip: If your broker has any good investment advice for you, he's not going to spam you with spreadsheets. Just delete it.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected