Spam as PDF Attachments
Security Park confirms something I suspected a couple of weeks ago:
A new form of spam disguised as an Adobe Picture Document Format (PDF) attachment has been reported. The spam takes on the appearance of a legitimate business email containing an attached PDF file.
The PDF features the file name ‘username_report.pdf’ - the username in the file name is the same as the email recipient’s name (taken from their email address). The personalisation of the attachment file name makes it appear more legitimate.
The new spam technique was first used in a recent pump ‘n dump spam outbreak that promoted a German company’s stock. According to the Marshal TRACE team, we can now expect to see ongoing use of PDF attachments to communicate spam messages.
“Spammers are struggling to find ways to fool spam filters and get their messages into people’s inboxes,” said Bradley Anstis, Director of Product Management, Marshal. “Using a PDF file as the vehicle for the spam message is an attempt to do just that, as spammers believe that many anti-spam solutions largely ignore PDF files.
“As we recently reported, pump ‘n dump spam has declined dramatically and part of the reason for this is overuse of this method. Users are more savvy and can more readily identify a financial scam. With the recent PDF spam outbreak, the spammers have attempted to add credibility and legitimacy to their messages in an attempt to fool users,” said Anstis.
“The fact that the message contains a PDF attachment, which is a very common business-related file format, is designed to lower the recipient’s suspicions that the message might be spam. We are expecting to see a lot more of PDF spam. The recent pump ‘n dump spam case promoting the German company’s stocks marks the beginning.”
According to Anstis, in the past, spammers avoided this kind of spamming method because attaching file types like PDFs greatly increased the size of the message. Historically spammers used their own servers to send out spam and were inclined to keep the spam size small, enabling them to send out more messages.
Now with the widespread use of zombie networks and spambots, the spammers are less concerned with the size of the message. The spammers have tens of thousands of infected PCs at their command and are able to move large volumes of spam of this type.
At least it’s not a virus, though with PDFs, it’s easy enough to embed a URL that’ll go to a virus-laden site.
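A filter-side check for the two traits discussed above, the PDF file name built from the recipient's address and URLs embedded in the PDF, as an added example that is not part of the original post or the quoted article. The function names, addresses and the minimal PDF are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Literal /URI (...) actions only; URIs inside compressed object streams are not seen.
URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)

def build_sample(recipient, filename):
    """Constructed test message with a minimal PDF-like attachment (not real spam)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = recipient
    msg["Subject"] = "Report"
    msg.set_content("See attached.")
    pdf = (b"%PDF-1.4\n1 0 obj << /S /URI /URI (http://example.invalid/x) >> endobj\n"
           b"%%EOF\n")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename=filename)
    return msg.as_bytes()

def check_message(raw):
    """Return one finding per PDF attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    local_parts = {a.split("@")[0].lower() for _, a in getaddresses(headers) if "@" in a}
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if not (name.endswith(".pdf") or data.startswith(b"%PDF-")):
            continue
        # Split "alice_report.pdf" into tokens and compare with recipient local parts.
        tokens = set(re.split(r"[_\-\s]+", name.rsplit(".", 1)[0]))
        findings.append({
            "filename": name,
            "personalised": bool(tokens & local_parts),
            "uris": [u.decode("latin-1") for u in URI_RE.findall(data)],
        })
    return findings

if __name__ == "__main__":
    for f in check_message(build_sample("alice@example.com", "alice_report.pdf")):
        print(f)
```

A personalised file name alone is a weak signal, so a filter would treat it as one scoring input alongside the extracted URLs and not as a verdict.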












