Spammers are Excel-ing, literally. Text and image spam as PDF files are now old news as MS Excel enters the spam scene. Last July 22, Trend Micro researchers started noticing email messages that carry ZIP-packed Excel files. When opened, these Excel files stink of pump-and-dump schemes that spam mails are now notorious for. See images below:
Using ZIP as a carrier of malicious files is already a known routine of many malware families like WORM_BAGLE and TROJ_YABE. Using ZIP as a carrier or as part of a spam scheme, however, is quite new and may be a social engineering tactic more than anything else. The fact that the email arrives as an Excel file packed in ZIP may have more to do with an attempt to lend credence to a stock-related email at a time when authorities are seriously running after pump-and-dump spammers. That the spammer chose Excel, an application usually associated with accounting, ergo money, may not be a coincidence either.
Spam Excel(s) now and it is not far off the mark that it Word(s) and PowerPoint(s) in the future…and Photoshop(s) and Outlook(s) and ….
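
For mail filtering, the delivery pattern described above (an Excel file packed inside a ZIP attachment) can be checked at the gateway by opening each attachment as an archive and listing its members. The sketch below is an added example, not Trend Micro's detection logic; the extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as "Excel"; the post names the application only.
EXCEL_EXTS = (".xls", ".xlsx", ".xlsm", ".xlsb")


def excel_in_zip_attachments(raw_message: bytes):
    """Return [(attachment_name, [excel member names])] for ZIP attachments holding Excel files."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Judge by content, not by filename or MIME type: test the ZIP structure itself.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.filename for m in zf.infolist()
                           if m.filename.lower().endswith(EXCEL_EXTS)]
        except zipfile.BadZipFile:
            # Malformed archive: surface it for review instead of passing it silently.
            members = ["<unreadable archive>"]
        if members:
            hits.append((name, members))
    return hits


def build_sample(member_name: str, attach_name: str = "report.zip") -> bytes:
    """Constructed sample message: one ZIP attachment with a single placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not a real workbook")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=attach_name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(excel_in_zip_attachments(build_sample("stock_tips.xls")))
```

A hit is only a signal to combine with content scoring, since legitimate senders also zip spreadsheets; adding Word and PowerPoint extensions to the tuple covers the variants the post anticipates.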