Spammers use PDFs to beat filters

By

Spammers are increasingly adopting PDFs as a new technique in the war against spam filters.

Spammers use PDFs to beat filters
Security researchers first spotted PDF spam at the beginning of June, and by the end of the month it was making up three to four percent of all spam.

The levels had reached six to eight percent by July and occasionally hit rates close to 20 percent.

"If PDF spam evolves like image-based spam we have to prepare for the possibility that PDF spam could account for 20 per cent or more of all spam," said Ralf Iffert, a researcher at IBM's X-Force threat analysis service.

"In fact, we may see this kind of volume increase happen much faster than the two-year rise of image-based spam."

Image-based spam rose to prominence last year after filtering software became much better at recognising text spam using keyword filtering and heuristics. Image spam then moved swiftly to make up the majority of spam picked up by filters.

But most spam filters are unable to check the content of PDF documents, and the spammers are increasingly adopting the technique. As PDFs are also traditionally a business tool, many spam filters are automatically configured not to block them.

One of the first PDF-based spam campaigns involved a pump-and-dump stock scam picked up by Nick Kelly at McAfee's Avert security labs.

"We predicted the appearance of PDF-based spam because .pdf files can be more easily automated than other document formats," he said.

"As .gif-based image spam continues to decline, we expect that spammers will continue to try similar methods of sending image based spam."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
beatfilterspdfssecurityspammerstouse

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?