Zip File Spam Protection from the Barracuda Spam Firewall

        

In late July 2007, spammers developed a new variation of the "pump-and-dump" stock spam campaign in which text, Excel, and PDF files containing a spam message were zipped and sent as attachments to email messages. With their zip file spam, these spammers attempted to bypass text and image scanning engines in email security products by using compressed files that required the use of ZIP file utilities to decompress the attachment.

Barracuda Central quickly detected various forms of the ZIP file spam campaign, many of which resembled the image spam attacks introduced in 2006. See examples below.

Zip file spam protection came from using the Barracuda Spam Firewall's sophisticated spam scoring engine, reputation technology and fingerprint analysis to detect known spam techniques within the message and its attachments, the message is given a score and acted on accordingly. Using these techniques, along with enhancements to Barracuda Networks Optical Character Recognition (OCR) technology, the Barracuda Spam Firewall effectively blocked ZIP files containing spam content.

Just as Barracuda Networks was the first major appliance vendor to introduce OCR technology in 2006 and PDF spam filtering techniques earlier in 2007, the Barracuda Spam Firewall was the first to utilize a comprehensive scanning approach to successfully block this latest "pump-and-dump" stock spam campaign.

Example of text file compressed within a ZIP file spam message

Example of an Excel file compressed within a ZIP file spam message

Example of another text file compressed within a ZIP file spam message