Marshal's Threat Research and Content Engineering (TRACE) Team today announced a new form of spam that is hidden in Word documents. The new type of spam uses a combination of obfuscation and social engineering in an effort to bypass anti-spam software and spam-savvy email users.

This latest version of spam looks like a typical business email containing a Word document attachment. The email subject line and file name are also business related, so that recipients are more likely to open it. The message body contains little or no text but the Word document contains the spam message.

Users open the document expecting to find an invoice or purchase order and instead find a spam message. Marshal's TRACE team has identified over 100 examples of the new Word spam since it first appeared on August 17 2006. The new strain is being sent out from a number of different countries, indicating the spam is likely being distributed from zombie PCs.

MailMarshal takes a layered approach to identifying spam and doesn't rely on one particular method. It used a host of techniques, including reverse DNS (domain name server) checks, header analysis, real-time blacklist checks, to detect this new type of spam. According to the TRACE team, more simplistic spam solutions that rely on only one or two methods can be caught out by this spam type.

Related links: (Open in a new window.)
www.marshal.com/

View printable version (opens in new window)
Back