Does anyone really care about opening a zip file to examine an RTF or JPEG file? This task—combined with a dull, unexciting, unstimulating subject line—competes with the content of the email to win a race of worthlessness. Spammers have traditionally used zip files to carry executables, but in most cases the subject line or the content of the message made an effort to encourage users to open the attachment.

There are cases of spamming attacks in which HTML attachments opened up a fully functional Web page, capable of carrying sensitive user information back to the fraudsters. However, with this latest spam attack using zipped files, not only have the spammers made an attempt to escape anti-spam filters, they’re missing out on reaching any users as well. The scope of returns for these messages looks to be much less rewarding than other comparable attacks.

Screen shot 2010-04-14 at 9.07.16 AM  

We are saying this attack will be less profitable because this isn’t the first time that a particular document type has been used to advertise medicinal pills. I’m referring to a case in which the spam campaign was suddenly abandoned after a 24- to 48-hour flood of spam messages. Last year, we had witnessed a similar attack using RTF attachments with random subject lines and no content. This attack too did not last long. Here’s an example image of the spam messages observed in May 2009:

Screen shot 2010-04-14 at 9.07.27 AM

In another similar sort of campaign, even JPEG image files were zipped—another case of complicating affairs for anti-spam filters. This attack also made a short appearance that really just looked like a trial run. Perhaps it gave a similar RTF-kind of feeling to the spammers and as a result the unfussy (not zipped) image spam attacks may be making their return:

Screen shot 2010-04-14 at 9.07.40 AM

So, the question remains, did zipping RTF or JPEG files really help? We strongly feel it did not help at all. Lesser returns on investment and a lack of user attention to these messages (if they ever actually reached a user inbox) may have been a big discouragement for spammers to continue this spam campaign.