Security Response

Zipping Images and Documents – Did That Really Help?

Created: 14 Apr 2010 08:59:50 GMT • Updated: 23 Jan 2014 18:28:16 GMT
Mayur Kulkarni

Does anyone really care about opening a zip file to examine an RTF or JPEG file? This task—combined with a dull, unexciting, unstimulating subject line—competes with the content of the email to win a race of worthlessness. This is how we at Symantec feel about recent, short-lived spam attacks using compressed RTF and JPEG files. Spammers have traditionally used zip files to carry executables, but in most cases the subject line or the content of the message made an effort to encourage users to open the attachment.

There are cases of spamming attacks in which HTML attachments opened up a fully functional Web page, capable of carrying sensitive user information back to the fraudsters. However, with this latest spam attack using zipped files, not only have the spammers made an attempt to escape anti-spam filters, they’re missing out on reaching any users as well. The scope of returns for these messages looks to be much less rewarding than other comparable attacks.


We say this attack will be less profitable because this isn’t the first time that a particular document type has been used to advertise medicinal pills. I’m referring to a case in which the spam campaign was suddenly abandoned after a 24- to 48-hour flood of spam messages. Last year, we witnessed a similar attack using RTF attachments with random subject lines and no content. That attack did not last long either. Here’s an example image of the spam messages observed in May 2009:


In another similar campaign, even JPEG image files were zipped, which is another way of complicating matters for anti-spam filters. This attack also made only a short appearance that really just looked like a trial run. Perhaps it left the spammers with the same feeling as the RTF campaign, and as a result the unfussy (not zipped) image spam attacks may be making their return:

So, the question remains: did zipping RTF or JPEG files really help? We strongly feel it did not help at all. Zipped or not, Symantec will always find the best way of blocking these messages. Lower returns on investment and a lack of user attention to these messages (if they ever actually reached a user inbox) may have been a big discouragement for spammers to continue this spam campaign.