 Spammers
switch from Images to PDF attachments. 23/07/2007 |
Foiled
by increasingly accurate and advancing corporate spam filters such as these
used by ArmourPlate, spammers are now dumping PDF files in their bulk
emailings, according to the latest data from security firms.
Image
spam, which at the beginning of the year accounted for nearly 60 per cent of
all junk email, has dropped and now accounts for only about 15 per cent of
spam.
Taking
its place, the number of junk email messages using an attachment in PDF format
has increased since mid-June, accounting for as much as a third of spam.
The
flow of different types of spam is an indicator of the arms race between
spammers and network defenders such as ArmourPlate. Image spam took off in late
2006, primarily as a way to tout penny stocks and manipulate the volatile
over-the-counter markets. Yet, other types of spam, advertising products from
fraudulent pharmaceuticals to sexual enhancement devices, soon started using
embedded images as well. The growth of image spam peaked earlier this year,
making up as much as two-thirds of all spam in January.
ArmourPlate
has adapted to the attack, however, detecting the unwanted images and blocking
them.
The
better filtering has led spammers to change tactics and experiment with PDF
files.
While
security firms agreed that PDF files started regularly appearing as spam
attachment about mid-June, estimates for the volume of PDF spam varied somewhat
between companies. Studies estimate that about 30 per cent of all spam now uses
PDF files.
Security
firm McAfee had a more modest estimate that 2.6 per cent of all junk email
messages carried PDF files. While Symantec has found the fraction varies
between two and seven per cent.
"The spammers are doing the
old cat-and-mouse game," said Guy Roberts, senior research manager for
anti-spam at McAfee. "Vendors have caught up to spammers and detection is
pretty good for image spam, so (the spammers) are changing tactics in order to
get their message across."
The
growth of spam email messages with PDF attachments have also caused the total
bandwidth of spam to grow quickly, because PDF files tend to be much larger
than the GIF images that the files are replacing.
From
a spammers point of view, the strength of PDF is that many companies require
that their email systems allow the documents to be passed to the user as many
companies deal with this format more and more. Because PDFs are ubiquitous in
the business world, such attachments are more likely to reach the users.
While
moving unwanted advertisements from images to PDFs may make it more likely that
the message reaches the intended recipient, whether or not that person opens
the attachment is another question. We would advise uses not to open PDF
attachments that have been sent by unknown senders.
In
the end, if PDF spam cannot deliver more eyeballs to spammers, the trend may
end up being a short-lived phase.
Story
Source: Security Focus
|
CONTACT
US
]
