New Word document spam doing the rounds

Stan Beer
Thursday, 24 August 2006 19:54

Business IT - Security

Security firm Marshal has identified a new form of spam that is hidden in Word documents. The new type of spam uses a combination of obfuscation and social engineering in an effort to bypass anti-spam software and spam-savvy email users.

According to Marshal, the latest version of spam looks like a typical business email containing a Word document attachment. The email subject line and file name are also business related, so that recipients are more likely to open it. The message body contains little or no text but the Word document contains the spam message.

Users open the document expecting to find an invoice or purchase order and instead find a spam message.

Marshal says it has identified over 100 examples of the new Word spam since it first appeared on August 17 2006.

According to Marshal, the new strain is being sent out from a number of different countries, indicating the spam is likely being distributed from zombie PCs.

“Spammers have traditionally avoided emailing spam as an attached Word document because not everyone has Word and the it makes the size of the email larger than normal, making it less efficient to distribute in large volumes,” said Bradley Anstis, Director of Product Management for Marshal.

“However spammers now realise that fewer regular spam messages are getting through anti-spam filters. They are turning to new ways of trying to circumvent them. In this case, they are accepting the penalty of increasing the message size in order to get more spams through the filters.”