Spammers use PDFs to beat filters

By

Spammers are increasingly adopting PDFs as a new technique in the war against spam filters.

Spammers use PDFs to beat filters
Security researchers first spotted PDF spam at the beginning of June, and by the end of the month it was making up three to four percent of all spam.

The levels had reached six to eight percent by July and occasionally hit rates close to 20 percent.

"If PDF spam evolves like image-based spam we have to prepare for the possibility that PDF spam could account for 20 per cent or more of all spam," said Ralf Iffert, a researcher at IBM's X-Force threat analysis service.

"In fact, we may see this kind of volume increase happen much faster than the two-year rise of image-based spam."

Image-based spam rose to prominence last year after filtering software became much better at recognising text spam using keyword filtering and heuristics. Image spam then moved swiftly to make up the majority of spam picked up by filters.

But most spam filters are unable to check the content of PDF documents, and the spammers are increasingly adopting the technique. As PDFs are also traditionally a business tool, many spam filters are automatically configured not to block them.

One of the first PDF-based spam campaigns involved a pump-and-dump stock scam picked up by Nick Kelly at McAfee's Avert security labs.

"We predicted the appearance of PDF-based spam because .pdf files can be more easily automated than other document formats," he said.

"As .gif-based image spam continues to decline, we expect that spammers will continue to try similar methods of sending image based spam."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?