The rather tiresome back and forth between spammers and the security industry has taken another turn. The good news is that image spam -- the embedding of spammers' messages in GIF and JPEG files that was the approach du jour only months ago -- was down in June, according to Symantec.
The bad news is the reason it faded. The M.O. of spammers and other cyber criminals generally is to ride one horse until opponents mobilize and fight back. They then flee to greener pastures. That's what apparently has happened here. This InternetNews story reports that PDF files have replaced images as the distribution method of choice for spam.
This is a troubling development for security experts because PDF files present a unique challenge. They are bigger than image files and other vessels in which the bad guys have hidden messages in the past. Thus, spam filters take longer to process them, which increases the odds of operational disruptions.
So far, the InternetWeek story reports, the Acrobat files are not being used to distribute worms, Trojans and other malicious payloads. Instead, they are just pushing "pump and dump" stock messages. The odds are, however, that the more serious action will start if the security industry doesn't fight PDF spam with the same tenacity with which it met image spam.
Spam is so ubiquitous that it's easy to forget how devastating it can be. This InformationWeek story describes how some of the pieces fit together in this underground economy. A bright spot is that an FBI agent speaking at the Federal Trade Commission Spam Summit last week said that 70 active investigations into spam-related crimes are under way.
More information about the state of prosecutions is available in this CNET blog, which hints that vigorous law enforcement efforts may be in the offing. The piece, however, also says that the international nature of spam -- and the need to get many nations on board to wage an effective fight -- remains a "massive challenge."
A sour note in the InformationWeek story is that software is available that makes it easy for an "average user," in the words of the story, to launch an attack. (Easy-to-use criminal tools, apparently, are an unwelcome trend, one that is being seen in criminals' efforts to hide from forensic investigators.) The piece doesn't say whether the "Spam For Dummies" software extends to the new PDF variant.
It's safe to assume that PDF spam will proliferate, at least for the time being. IT managers and security personnel should make sure they are up to speed on the topic. Two blogs that are focusing on the technical issues are Chris-Linfoot.net and MoMusings. There certainly will be an increasing amount of information available at technical blogs and security firm sites as time passes. IT departments are well advised to pay close attention.