The resurrection of zip attachment spam

Beginning March 4, I started seeing a "new" type of spam in my inbox: spam with zip attachments and sexually suggestive subject lines.  The body contents of the messages are very short, only a single sentence and without punctuation.  The zip attachments, of course, are malware and are used to infect a user's machine and flip it into a botnet.  The suggestive contents prey on people's curiosity (to put it mildly).

I use the word "new" and put it in quotation marks on purpose because the spam isn't really new.  We saw this type of spam last summer.  Spammers first started doing PDF spam and that lasted for several weeks.  Then they moved on to zip attachments and then to Excel attachments.  Unlike PDFs, the latter two campaigns didn't last very long.

It is a very common spammer trick to rotate through their tactics.  They will use a particular technique, get bored of it, and then come back to it a few months later.  As spam fighters, after we've been doing this a while, we start to think that there really is nothing new under the sun.  The techniques for fighting it are the same: a combination of reputation analysis and content filtering.  Most of the time, even a small amount of content has plenty of stuff to target.  Other spam filters, like Hotmail's SmartScreen, do a reasonably good job of targeting spam with very little content to examine.
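As an added illustration (not code from this post or from any filter it mentions), here is how a content filter could pull the two traits described above, a zip attachment and a very short unpunctuated body, out of a raw message. The function names, the 15-word cap and the sample messages are assumptions constructed for the example; a real filter would combine these signals with sender reputation.

```python
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from io import BytesIO

def is_zip_part(part):
    """True when a MIME part is a zip archive by name, type, or content."""
    name = (part.get_filename() or "").lower()
    ctype = part.get_content_type()
    payload = part.get_payload(decode=True) or b""
    # Sniff the content too: the name and MIME type are sender-controlled.
    return (name.endswith(".zip")
            or ctype in ("application/zip", "application/x-zip-compressed")
            or zipfile.is_zipfile(BytesIO(payload)))

def terse_body(msg, max_words=15):
    """True when the text body is a few words with no punctuation at all."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    words = text.split()
    # max_words is an assumed cap standing in for "a single sentence".
    return 0 < len(words) <= max_words and not re.search(r"[.!?,;:]", text)

def content_signals(raw):
    """Return the set of content traits found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    signals = set()
    if any(is_zip_part(p) for p in msg.iter_attachments()):
        signals.add("zip_attachment")
    if terse_body(msg):
        signals.add("terse_unpunctuated_body")
    return signals

def build_sample(body, attach_zip):
    """Constructed sample message (not real spam) for exercising the checks."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attach_zip:
        buf = BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("readme.txt", "harmless placeholder")
        # Deliberately mislabeled so that only content sniffing catches it.
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename="picture.dat")
    return msg.as_bytes()
```

Neither signal is conclusive on its own, since legitimate mail also carries zip files and short bodies; it is the combination that matches the campaign described here.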

Comments (2)

  1. Norman Diamond says:

    Infected zip attachments have been used for around 8 years.

    Last summer the PDF variety was as new to me as it was to you, but someone will probably correct both of us.
