Attachment spam has so far run the gamut from PDF to XLS, RAR-compacted TXT, FDF, and RTF. The Trend Micro Anti-Spam Engine (TMASE) recently caught the newest addition to the list: DOC spam.

While most of the earlier forms of attachment spam–with the exception of RTF–were stock spam that promoted certain companies so that their share price would rise, this one is simply advertising a couple of impotence medicine that need not be mentioned lest we inadvertently endorse it.

What’s worth mentioning is that the spammed email messages carrying the DOC attachments also bear a “warning,” which informs recipients that the document is only available for a limited time (3 days). It also uses catchy subjects and document file names like “Private Message” and “Confidential Message,” clearly tugging on recipients’ sense of urgency to get them to open the attachments straightaway.

Opening the DOC attachment downloads no malware. Clicking on the URL within the attachment does not lead to a malicious site either. The Trend Micro Content Security (CS) team does not see many samples, but users would do well to be aware of spam’s many new forms to protect themselves and their assets (machines, money, etc.) as the next slew of .DOC spam could already be malicious.

Apart from .DOC spam, the CS team also caught samples of “one-word” spam–so named because of its use of one random word for its subject and message body:

Given its lack of obvious motives (apart from flooding inboxes), it is postulated that this type of spam is either malware-related, or is just “pre-spam” spam. That is, its main purpose is to simply fish for valid email addresses. Once the addresses are validated, then perhaps that’s the time spammers will send the more profitable messages. Or in the case of .DOC spam, attachments.

Data provided by Trina Baetiong and Lala Manly.

Additional text by Paul Oliveria.