PDF Spam Attack
Wednesday June 27, 2007
When I opened my email this evening and got bombarded with several suspicious PDF attachments, that's exactly how it felt - a PDF Spam Attack. My first inclination was to consider there might be a new exploit about. So I went searching for clues and came across Nick Kelly's (McAfee) blog post from earlier today.
It turns out that pump and dump stock scammers are turning to PDFs because sending spam as an image file makes it easier for spam filters to stop the unwanted mail. On the one hand, PDF spam is kind of nice because now I can just delete the email without ever having to so much as see the contents. But the darkside is, the spam is now just that much bigger and could tip the balance if your mail account has a low waterline. As a .GIF, the pump and dump image would have weighed in at about 8k tops. But as a PDF it swells to 3x the size because, well, that's what PDFs do.
I guess I can at least say I'm on the cutting edge of a trend, but if PDF spam is the future I'd just as soon be out-of-date.
Comments
God would I love to meet a spammer! The pain I would put on them would please me for a lifetime!
It was just a matter of time before this happened. Now PDF documents run the risk of being filtered out by some admins. That would suck as many documents that used to be sent via fax are now pdf(ed) and emailed.
Alex
This stuff has been swamping our mail server the last few days. Literally gigabytes of it (maybe a thousand accounts)
A good way to block these junk PDF’s is to set up a rule in Outlook. All of the junk that I have received has a Subject that names the pdf file. So, go into Rules in Outlook and create a rule that moves all email with a subject that includes “.pdf” into a new folder (I called my new folder PDF Junk. You can then reviewq the PDF Junk folder occasionally to see if anything got caught that shouln’t have. So far, mine has worked perfectly.
Great tip, John! Thanks for posting it!
I get 7-10 spam .pdf files a day now. I am glad to know what they are. I just delete them, but did wonder if they were a new virus, worm, trojan or something buried in them now. That would be to scary.
(disclaimer we make an anti-spam product)
The problem with subject rules like that is you still download the spam and it still consumes bandwidth/storage. It’s best to contact your ISP/Admin or whatever and have them block it at the point of entry. Most likely they are using some type of filtering software or appliance and should have the means to do so.
What morons. The element of surprise might have worked on the uninfomed the first time around…but getting 10 or more of these a day. There are very few people dumb enough to fall for that.
“very few people” are dumb? How many? Lets guess: one percent?
1% of a 400 million makes four million dumb people, which get their pc infected und spreading further viruses and spam. Each of those infected pcs may send as many as 1 mail per second (with broadband connection). Lets assume half of them have broadband, so that makes 172.800.000.000.000 junk-mails a day!!!
Well, maybe I exaggerated, an there are only 0,01% dumb people, but that’s still a LOT of Junk!
Wow!
I am getting more than 20 PDF spams a day since last week. Hopefully, I have now signed to Intomic antispam and most of them are filtered out.. Just wondering what will be the next stupid idea spammers will find - hey: who does really buy from their offer anyway? Russell: I fully agree with you…
Someone please tell me who stimulates these idiots to continue? I am going to whitelisting, i’m done with this insanity!
The 1% who actually think they can outsmart a snake! If you play with snakes… you’ll eventually get bit.
I also tried the Outlook filter looking for .pdf in the subject but the spammers have quickly stopped putting in a subject. Anyone know how to create a spam filter rule in Outlook to stop PDF file attachement emails from someone who is not in your address book?
PDF spam is fairly easy to filter out… We have been automatically blocking it now for a couple of weeks (At www.ClearMyMail.com). Over the last few months the spammers have become a lot more professional in their methods.
They are testing and monitoring various new techniques, the PDF spam is just one of the many ways they are trying to get ahead of the spam filters. They are using methods that direct mailers have used for years… testing and evolving the methods that get the best response.
They are currently testing office type attachments. Excel & word files that claim to be invoices for example. These types of attachments cannot be blocked by type and need further investigation by the spam filter to determine what the content is.
Its a constant battle between the spam filters and the anti-spam companies, one that we aim to keep in the lead of!
Dan FIeld
ClearMyMail Ltd
I just don’t get what the purpose is. Will anyone actually buy from an ad they receive this way?