Spammers are adopting obscure file formats to get attachments passed security filters, Symantec researchers have warned.
According to Symantec, spammers have taken to using two formats in particular, the electronic fax format, eFax, and the Internet Explorer web archive format, MHT, in a bid to sidestep aggressive filtering for better known file types.
The attacks detected by the company are standard in every way except the file format used for the attachments, both of which open convincing but bogus websites designed to scam unsuspecting visitors.
"Users need to be cautious of unknown file types and should understand the capabilities of the new file type encountered before attempting to open it," caution the researchers with understatement.
Experimenting with file attachment formats in spam isn't a new phenomenon, but usually involves popular types known to users. The use of unfamiliar MHT and EFX formats shows the lengths to which spammers will now go to get dangerous content into email inboxes by whatever means. PDFs, ZIP files emerged as a favoured type in 2006, but are now tricky to get past most attachment filters because the threat is known.
It is unlikely that the use of attachments in place of embedded links or html is significant beyond the possibility that recipients might be more drawn to open an email because it comes with an attachment. In many cases, the email might get caught for other reasons, such as the use of keywords, the subject line, or because the sender's address falls foul of reputation filtering.