RTF spam appears

Today we noticed a new wave of spam in our spam traps.  It has no message body whatsoever, and only a single Rich Text Format (RTF) attachment.

As you can see, the attachment is very small and contains a very simple message:

The format of the spam is very similar to the rash of image spam we have seen recently, which likewise used a message with no body, just an attached image.

Of course, this technique is not really new. We have seen experiments with different attachments before, including PDF files, Excel spreadsheets, Word documents, Zip files and even MP3 attachments.  Its all part of the continuous experiment on behalf of some spammers in an effort to avoid anti-spam filters. In the past most of these experiments have been short lived, probably because viewing the payload involves an extra step for the user - i.e. opening the attachment.  And users should be growing increasingly wary of that.