Spam comes in spreadsheet
Last month it was PDFs and this month it’s Microsoft Excel attachments being used by spammers to disguise their stock ‘pump-and-dump’ scams or more malicious attacks.
According to email security company PineApp, this is just the latest development in a new generation of image-based spam (which the company calls Spam 2) designed to avoid detection by anti-spam engines. The new Excel attachments appear with file names such as invoice20202.xls, stock-information-3572.xls and requested report.xls.
Wrapping messages in new file formats in this way will successfully bypass most anti-spam engines that analyse the content. But technologies that look for patterns in mass emails – including PineApp’s Recurrent Pattern Detection (RPD), as it happens – are able to block this new type of spam automatically.
Content-agnostic RPD protects against image-based spam attacks in any format or language, while PineApp’s Zombie Detection System (ZDS) offloads unwanted traffic at the network perimeter, based on the history and reputation of email senders. ZDS dynamically identifies and blocks, in real time, spam and malware sent from zombie computers or ‘bots’ that have been infected by Trojans.
“In the last month, image-based Spam 2 attacks including PDF and Excel spam accounted for over 50% of all spam we detected,” said Steve Cornish, UK sales and marketing director at PineApp. “Excel spam on its own currently accounts for just 5% but this still represents millions of messages and next month we may start to see PowerPoint or Word files, for example. RPD technology is the only way to protect against this growing trend and stay one step ahead of the spammers.”
To block Spam 2 attacks, the PineApp Mail-SeCure appliance integrates five anti-virus engines – three signature-based, one heuristic-based and one zero-hour detection mechanism – along with 11 anti-spam engines. These include RPD along with Zombie detection, IP reputation, image spam defence, heuristic and Bayesian engines. When Mail-SeCure’s RPD engine is activated, all incoming mail undergoes statistical and pattern detection analysis and is then blocked or tagged as spam.
In addition to non-targeted threats such as spam, viruses, worms and Trojan horses, Mail-SeCure protects against targeted threats including mail-bombing, DoS and backscatter. The fully scalable system also provides administrators with a single-point, three-tier management system that enforces advanced local policy and provides users with a mechanism to control and manage their mail flow.





