Security firm Sophos said that the emails come with an Excel spreadsheet file labelled 'invoice.xls'. It then uses an embedded image to deliver the spam.
While it is possible to write malware that exploits Excel, no malware has been included in the emails so far. Sophos believes that this could be a sign that "we're winning the war against spam".
"The success of text and image spam recognition is forcing spammers to ever more desperate methods of propagation," said Graham Cluley, senior technology consultant at Sophos.
"If users have to go through all of the rigmarole of opening up attachments before the spam can be delivered, unlike image and text spam which is instantly displayed, people will get wise and just delete it."
Cluley pointed to the rapid rise in PDF spam as another example of this desperation.
However, spam still generates successful response rates of around five percent. Most direct mail response rates for legitimate companies struggle to make one percent.
Spammers move onto spreadsheets
By Iain Thomson on Jul 25, 2007 2:37PM