In the beginning stock spam was just simple text. Shortly after, email spam filters adapted to block that.
Then spammers started to use html. Again, spam filters adapted to block that.
Then spammers started to use images. Spam filters adapted to block that.
Then spammers started to use PDF attachments. Spam filters are adapting for that right now.
And now spammers are starting to use Office files (.XLS Spam).
Stock Spam Example
Lets take this EXMT Spam as a case in point. You receive an e-mail with just a zip. No subject field, no text content:
You open the spam zip file from Market Watch (which you should never do in the first place unless you run an anti-virus check first). The ZIP contains a single Excel spreadsheet file:
…and when opened in Excel… it’s just pinksheet stock spam.
Stock spammers are always trying to break through email filters and these new tactics of XLS Spam gets through filters better… for the time being anyway. People probably pay more attention to them, too.
Of course, opening unknown ZIP or XLS files is always risky as there might be malicious code embedded. However, in this case it was just spam.
What next? Attached MP3 files that are radio commercials? Haven’t seen that yet but I’m sure somebody’s already tried it.