In late July 2007, spammers developed a new variation of the pump-and-dump spam campaign in which text, Excel, and PDF files containing a spam message were zipped and sent as attachments to email messages. By compressing the files, so that a ZIP file utility was required to decompress the attachment, spammers attempted to bypass the text and image scanning engines in email security products.
Barracuda Central, an advanced 24/7 security operations center that works to continuously monitor and block the latest Internet threats, quickly detected various forms of the ZIP file campaign that resembled the image spam attacks introduced in 2006. Examples of text and Excel forms of these spam messages are below.
The Barracuda Spam Firewall uses its sophisticated spam scoring engine, reputation technology and fingerprint analysis to detect known spam techniques within the message and its attachments; the message is then given a score and acted on accordingly. Using these techniques, along with enhancements to Barracuda Networks' Optical Character Recognition (OCR) technology, the Barracuda Spam Firewall effectively blocked ZIP files containing spam content.

Example of text file compressed within a ZIP file spam message

Example of an Excel file compressed within a ZIP file spam message

Example of another text file compressed within a ZIP file spam message
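
The sketch below shows the general idea of scanning inside a ZIP attachment rather than only the message body. It is an added example, not Barracuda's engine: the phrase weights, size caps, file names and sample message are all constructed for illustration. It scores plain-text members only; Excel and PDF members need format-specific parsers and are reported as unscanned instead of being passed silently.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_MEMBERS, MAX_BYTES = 20, 1_000_000   # assumed caps against archive bombs
TEXT_EXTS = (".txt", ".csv")
# Constructed phrase weights for illustration; not any product's rule set.
PHRASES = {"strong buy": 3, "price target": 2, "ticker": 1, "act now": 2}

def score_text(text):
    low = text.lower()
    return sum(w for phrase, w in PHRASES.items() if phrase in low)

def scan_message(raw):
    """Return (score, unscanned member names) for ZIP attachments in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    score, unscanned = 0, []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the archive structure, not the declared Content-Type or file name.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
            unscanned += [i.filename for i in members[MAX_MEMBERS:]]
            for info in members[:MAX_MEMBERS]:
                # Bit 0 of the general-purpose flags marks an encrypted member.
                if (info.flag_bits & 0x1 or info.file_size > MAX_BYTES
                        or not info.filename.lower().endswith(TEXT_EXTS)):
                    unscanned.append(info.filename)  # surface it for policy
                    continue
                with zf.open(info) as fh:            # bounded read
                    text = fh.read(MAX_BYTES).decode("utf-8", "replace")
                score += score_text(text)
    return score, unscanned

def build_sample():
    """Constructed sample: clean body, stock pitch hidden inside report.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", "STRONG BUY! Ticker XMPL, price target $2. Act now.")
        zf.writestr("chart.xls", b"\xd0\xcf\x11\xe0 constructed placeholder")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The sample's body text scores zero on its own; the score comes entirely from the compressed member, which is the gap a body-only scanner leaves open.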








