[Infowarrior] - PDF Spam Outbreak
Richard Forno
rforno at infowarrior.org
Thu Jun 28 11:50:33 UTC 2007
(I've seen this myself recently and can confirm it's "noticeable increase"
on the Net........rf)
PDF Spam Outbreak
Tuesday June 26, 2007 at 8:44 am CST
http://www.avertlabs.com/research/blog/index.php/2007/06/26/pdf-spam-outbrea
k/
A large ³pump-and-dump² stock spam campaign is underway, but rather than
including the content of the spam in an image file, this campaign includes
the spam content within a .PDF file. The stock spam is believed to be sent
from Stration infected computers, as this spam campaign closely followed a
new W32/Stration worm mass-mailing which contained a number of .PDF files,
and Stration has been associated with pump and dump spam in the past.
The current spam contains one or more .PDF files, has a randomly generated
subject line and sender name, and a blank message body. The .PDF files
contain images which look very similar to previous image based stock spam.
PDF Image spam
The appearance of PDF-based spam was predicted by AVERT in the article
³Email Spam Plague Persists² in the latest SAGE report, as .PDF files can be
more easily automated than other document formats. This prediction appears
to be holding true, and as .GIF based image spam continues to decline we
expect spammers will continue to try similar methods of sending image based
spam.
< - >
....which means, as Mary Landesman writes at About.Com,
"It turns out that pump and dump stock scammers are turning to PDFs because
sending spam as an image file makes it easier for spam filters to stop the
unwanted mail. On the one hand, PDF spam is kind of nice because now I can
just delete the email without ever having to so much as see the contents.
But the darkside is, the spam is now just that much bigger and could tip the
balance if your mail account has a low waterline. As a .GIF, the pump and
dump image would have weighed in at about 8k tops. But as a PDF it swells to
3x the size because, well, that's what PDFs do."
More information about the Infowarrior
mailing list