Email has always been the preferred distribution method for spam and malware. For many years, attackers have attached executables of all kinds to messages (exe, cmd, pif, bat, vbs... and every possible combination of double extensions) in an attempt to infect systems. Filters caught up with this long ago and such attachments are usually blocked at the perimeter, but other, less popular formats are still often used.
Around 2002, spam emails containing only images became very popular. With this, the attackers managed to bypass word filters (the first obvious reaction against spam). In response to the images, anti-spam filters began using OCR (optical character recognition) plugins, capable of interpreting text in graphics. Then it was the spammers' turn to move, and they began to introduce "noise" into the images to hinder automatic recognition by this type of software.
In June 2007, we suffered a real avalanche of spam in PDF format. Taking advantage of the fact that almost all systems have a reader, the attackers embedded the advertising in a PDF, or even in an image within the PDF. The sending campaign was massive and the filters did not work during the first days, but very soon the programmers got to work and began to look inside these files (although they proved unprepared for the first blow, given the success the attackers enjoyed in the first hours). Later, the PDF format would be used more to infect systems with malware... but on that front Adobe has much more to say than the creators of spam filters.
Now, it appears that attackers are using HTML attachments to distribute junk and even infect systems. They use them in two ways:
Author: Sergio de los Santos
Source: Hispasec
Authors: Computer Security News

