Image Isn't Everything as PDF Spam Grows

Carl Weinschenk

The rather tiresome back and forth between spammers and the security industry has taken another turn. The good news is that image spam -- the embedding of spammers' messages in GIF and JPEG files that was the du jour approach only months ago -- was down in June, according to Symantec.


The bad news is the reason it faded. Spammers and other cyber criminals' M.O. generally is to ride one horse until opponents get mobilized and fight back. They then flee to greener pastures. That's what apparently has happened here. This InternetNews story reports that PDF files have replaced images as the distribution method of choice for spam.


This is a troubling development to security experts because PDF files present a unique challenge. They are bigger than image files and other vessels in which the bad guys have hidden messages in the past. Thus, it takes longer for spam filters to process them and increases the odds of operational disruptions.


So far, the InternetWeek story reports, the Acrobat files are not being used to distribute worms, Trojans and other malicious payloads. Instead, they are just pushing "pump and dump" stock messages. The odds are, however, that the more serious action will start if the security industry doesn't fight PDF spam with the same tenaciousness with which it met image spam.


Spam is so ubiquitous that it's easy to forget how devastating it can be. This InformationWeek story describes how some of the pieces fit together in this underground economy. A bright spot is that an FBI agent speaking at the Federal Trade Commission Spam Summit last week said that 70 active investigations into spam-related crimes are under way.


More information about the state of prosecutions is available in this CNET blog, which hints that vigorous law enforcement efforts may be in the offing. The piece, however, also says that the international nature of spam -- and the need to get many nations on board to wage an effective fight -- remains a "massive challenge."


A sour note in the InformationWeek story is that software is available that makes it easy for an "average user," in the words of the story, to launch an attack. (Easy-to-use criminal tools, apparently, are an unwelcome trend. It is being seen in criminals' efforts to hide from forensic investigators.) The piece doesn't say whether the "Spam For Dummies" software extends to the new PDF variant.


It's safe to assume that PDF spam will proliferate, at least for the time being. IT managers and security personnel should make sure they are up to speed on the topic. Two blogs that are focusing on the technical issues are Chris-Linfoot.net and MoMusings. There certainly will be an increasing amount of information available at technical blogs and security firm sites as time passes. IT departments are well advised to pay close attention.

Jul 18, 2007 10:57 AM Christopher Hart says:
The PDF Spam is highly annoying and filter out. With mail validation, would it not be possible to have E-mail systems validate the From Name and not just the domain? I realize that it would be loads on mail servers, but why not be able to query the source, and if you get back a Mail Box does not exist, tag it as spam. It would be a slow process for mail servers to come up to speed, but at least you would have a better chance of knowing the sender. If not, I see the only next logical step is that we will all need security certificates for our e-mail boxes so that it could again be used for business and communication. Would need to be a paid verified certificate and not a free or self generated. They will need to get way cheaper for that to work.
Jul 18, 2007 5:33 PM David Lineman says:
The Microsoft Outlook rule engine barely works with the simple rule engine it DOES have. I am constantly having to surf the spam folder for emails from people already on my "safe senders" list. The security community needs to develop plug-ins that work with Outlook and other email programs. It is not up to one vendor to stop this problem. Email security companies are missing a large opportunity for simple tools that would help stem the tide.
Jul 18, 2007 7:11 PM Gwen Ceylon says:
It would be nice if Microsoft was a little more creative in the rules you can create within Outlook and Outlook Express to block this stuff. I don't want email that is not specifically addressed to me, with my address only in the To: line. And, I should be able to block messages based on the extension of the attached file. Also, I can view the source of the message and see that these emails are being routed from .ru domains, I should be able to filter and block messages based on that. But MS does not build this capability in their email products.
Gwen Ceylon, Risk Management Consultant, Ceylon Security Group, LLC, Phoenix, AZ
Jul 19, 2007 9:40 AM Wayne says:
Reading thru the comments already posted just makes me realise just how much the solutions we have in place are helping us catch these threats with no or little management. Do yourselves a favour, go to www.ironport.com and request a FREE evaluation unit... you will not be sorry!
Jul 19, 2007 11:26 AM Danny H says:
Our Users alerted the IT Security about getting unsolicited email carrying a PDF - they were rightly worried it was potentially viral. Shows how with good awareness of basic email security practice by Users (If you don't know who it's from - be careful!) IT can be "Up to Speed" about new forms of spam - we have been now for two weeks.
Jul 19, 2007 2:47 PM Tom says:
I wonder how much of it is really produced by rogue government agencies in order to get legislation passed which requires a "tax" to send emails. Or, to control the content by putting everyone on monitored access. Governments have historically created chaos, offer a solution and we gullibly accept it. Look up the documentary titled, "TerrorStorm". It will blow your mind.
Jul 31, 2007 4:58 PM Sarah says:
With research showing that between 65% to 88% of emails received is considered to be spam, it is no wonder that spam is a big headache for companies, and especially for network admins who have to worry about managing spam and bandwidth! Moreover the spam related frustrations do not seem like they're going away any time soon, especially with spammers getting more creative. PDF spam is the latest trend with lots of people being affected, and it also looks like spammers have already found a newer trend... anyone received any .xls spam lately?? Anyhow, spam will never go away... so it's good to keep informed and update those spam filters. There's an interesting white paper around which deals exactly with this issue... what's PDF spam and what to do about it: http://www.gfi.com/whitepapers/pdf-and-image-spam.pdf
