Spammers dump images, switch to PDF files

Foiled by increasingly accurate corporate spam filters, spammers have dumped pictures for PDFs in their bulk emailings, according to the latest data from security firms. Image spam, which at the beginning of the year accounted for nearly 60 per cent of all junk email, has plummeted and now accounts for only about 15 per cent of …

COMMENTS

This topic is closed for new posts.
  1. Dan White

    PDFs? Old news mate...

    I've noticed in the last week that the PDFs have virtually stopped. Now I'm getting hundreds of Excel files called "<random-word> invoice.xls".

    Over the weekend these switched to zipped Excel files, presumably to try and foil content scanners.

  2. voshkin

    multiple ways to obfuscate PDF files

    It would not be that difficult to detect these, for one, this is a vector format with a small, raster graphic. Usually, when people embed raster graphics into PDFs they include full page scans, or, raster graphics as part of a presentation with text.

    You can employ the same methods used to combat image attachment spam with the PDFs – just treat the PDF as another message, and have a look inside.

    What will happen next, though, is that the spammers will learn PostScript, and start obfuscating the content of the PDF files, the same way they did it before with HTML and plaintext emails. There are multiple ways to obfuscate PDF files, from encryption to multiple ways of breaking up vector shapes to form text and graphics. Potentially, unless blocked completely – PDF has the potential of becoming THE choice format for spammers ;-(
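
The check described in the comment above (open the PDF as if it were another message and see whether it holds only a small raster image with no text), as an added example that is not part of the original thread. The function names, the 0.5 coverage threshold and the sample PDFs are assumptions constructed for illustration; the scanner only handles uncompressed or Flate-compressed streams and unrotated image placements.

```python
import re
import zlib

OBJ_RE = re.compile(rb"\d+ \d+ obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)
MEDIABOX_RE = re.compile(rb"/MediaBox\s*\[\s*0 0 ([\d.]+) ([\d.]+)\s*\]")
# "w 0 0 h x y cm /Name Do": an unrotated image placement, w x h in points
DRAW_RE = re.compile(rb"([\d.]+) 0 0 ([\d.]+) [\d.-]+ [\d.-]+ cm\s*/\w+ Do")
TEXT_RE = re.compile(rb"BT.*?(?:Tj|TJ).*?ET", re.S)  # a text-showing operator

def inspect_pdf(data, max_coverage=0.5):  # threshold is an assumption
    """Return (verdict, image coverage of the page, has_text) for PDF bytes."""
    box = MEDIABOX_RE.search(data)
    page_area = float(box.group(1)) * float(box.group(2)) if box else 612.0 * 792.0
    has_image, has_text, drawn = False, False, 0.0
    for body in (m.group(1) for m in OBJ_RE.finditer(data)):
        if re.search(rb"/Subtype\s*/Image", body):
            has_image = True  # raster XObject; its stream is pixel data
            continue
        stream = STREAM_RE.search(body)
        if not stream:
            continue
        content = stream.group(1)
        if b"/FlateDecode" in body:
            try:
                content = zlib.decompress(content)
            except zlib.error:
                continue  # unreadable stream: leave it to other checks
        has_text = has_text or bool(TEXT_RE.search(content))
        drawn += sum(float(w) * float(h) for w, h in DRAW_RE.findall(content))
    coverage = round(drawn / page_area, 3)
    spammy = has_image and not has_text and coverage < max_coverage
    return ("suspicious" if spammy else "ok", coverage, has_text)

def sample_pdf(content, image=True):
    """Constructed PDF-like bytes (objects only, no xref table) for the demo."""
    objs = [b"<< /Type /Page /MediaBox [0 0 612 792] >>",
            b"<< /Filter /FlateDecode >>\nstream\n" + zlib.compress(content) + b"\nendstream"]
    if image:
        objs.append(b"<< /Subtype /Image /Width 300 /Height 200 >>\nstream\n\x00\nendstream")
    return b"%PDF-1.4\n" + b"".join(b"%d 0 obj\n%s\nendobj\n" % (i, o) for i, o in enumerate(objs, 1))

# Constructed samples: small lone image, full-page scan, image alongside text
SPAM = sample_pdf(b"q 300 0 0 200 156 500 cm /Im0 Do Q")
SCAN = sample_pdf(b"q 612 0 0 792 0 0 cm /Im0 Do Q")
SLIDE = sample_pdf(b"BT /F1 12 Tf (Quarterly results) Tj ET q 300 0 0 200 156 300 cm /Im0 Do Q")
if __name__ == "__main__":
    for name, pdf in (("spam", SPAM), ("scan", SCAN), ("slide", SLIDE)):
        print(name, inspect_pdf(pdf))
```

Text drawn as broken-up vector shapes, the obfuscation the same comment anticipates, contains no text operators and no image object, so this particular check would not flag it.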

  3. Anonymous Coward

    Nuke the spammers, not just their individual messages.

    ""We are interested in seeing if this is really effective in getting a spam message, not just delivered, but also read," Bowers said."

    That's not really relevant. A spam becomes a nuisance if it passes through the spam filters and the end user has to make a decision on whether to read it or not. Whatever their choice, it is entirely irrelevant to its nuisance value.

    Spam needs zero tolerance. The only way to deal with these miscreants conclusively is to insist that the perpetrators be identified and to bring back the death penalty for a second or subsequent offender.

  4. Jason Hall

    pdfs

    Wow... I must have the slowest spammers ever.

    Only over the last week have I even started receiving pdfs as part of my daily spam regimen.

  5. Anonymous Coward

    Slow spammers

    Jason wrote: 'Wow... I must have the slowest spammers ever.'

    I think it's time you considered switching your spam provider.

    If you haven't been receiving the latest spam, it's quite possible that you're unaware of the volume of cheap inkjet cartridges, Viagra and eyewatering pornography that's out there.

    Fortunately there's an easy solution to your problem. In today's free market there are literally THOUSANDS of spammers using the very latest technology to make sure THEIR message gets to YOUR mailbox.

    Just send me your email address, I can do the rest. (A ($1,000,000) ONE MILLION DOLLAR administration fee may apply, but this can be offset against your new found wealth just waiting in your Nigerian bank account (details on application).)

  6. Col

    Re: Nuke the spammers, not just their individual messages.

    "Spam needs zero tolerance. The only way to deal with these miscreants conclusively is to insist that the perpetrators be identified and to bring back the death penalty for a second or subsequent offender."

    Nah, a sliding scale: death for a second offense, with the penalties getting steeper for subsequent convictions...

  7. Bill Coleman

    Guilty by stupidity

    Why stop at jailing spammers? There wouldn't be a problem if it wasn't for idiots running Windows 98/2000/mistake edition/ with no firewall or virus protection and clicking on every x-rated flashing banner they find. I say jail the spammers and fine the bot net people... the internet is a shared resource, if you are too stupid/ignorant to use it safely then you should be denied access or at least punished severely!!

    ...no seriously though, a government public education program combined with state funded virus control freeware would be more effective in the long run than this tit for tat fire fighting.

  8. Jan Buys

    re: Nuke the spammers

    I totally agree. They are single-handedly destroying what should be one of the best connectionless communications channels.

  9. Dillon Pyron

    Already gone?

    About 30% of the spam that hit me in June was PDF. About 30% this month is PDF. My filters have successfully adapted and are catching most of them. I haven't seen a single Excel spam.

    Who would even bother opening an email for Hector with the subject "moonlight weights abounding"? Never mind. I can name more than a few.

  10. Ed

    Excel Spam

    I've had quite a lot of Excel spam at the end of last week, maybe 10 a day for a few days, but not much over the last few days... At least with PDF and XLS spam, I don't accidentally read them...

  11. Anonymous Coward

    "Already gone?" & Who is responsible?

    Dillon - what spam filter system are you using? Be interested to hear of a good one.

    Responsibility

    I remember a customer having their dial up connection authentication suspended; Freeserve had noticed traffic from his computer associated with virus/trojans and taken the sensible step of cutting him off.

    A reinstall later and all was well.

    I think ISPs ought to be given small tax incentives to cut off compromised computers, assuming and only IF they write to the punter to explain first!

  12. Dan Field

    PDF Spam

    PDF spam is fairly easy to filter out... We have been automatically blocking it now for a couple of weeks (At www.ClearMyMail.com). Over the last few months the spammers have become a lot more professional in their methods.

    They are testing and monitoring various new techniques, the PDF spam is just one of the many ways they are trying to get ahead of the spam filters. They are using methods that direct mailers have used for years... testing and evolving the methods that get the best response.

    They are currently testing office type attachments. Excel & Word files that claim to be invoices for example. These types of attachments cannot be blocked by type and need further investigation by the spam filter to determine what the content is.

    It's a constant battle between the spam filters and the anti-spam companies, one that we aim to keep in the lead of!

    Dan Field

    ClearMyMail Ltd

  13. A J Stiles

    Ministry for Information Technology

    A new Ministry for Information Technology would be an excellent idea. We could actually make RFCs law, and oblige ISPs to disconnect users whose machines are so badly configured as to compromise the security of the network.

    However, the best thing a hypothetical new Ministry for Information Technology could do would be to mandate that *all* software is to be made available in Source Code form, whether or not it is intended to be distributed by users.

    Concealing the Source Code has done *nothing* to prevent widespread unauthorised copying of Windows and Office. It has, however:

    * Wasted countless person-hours as people, denied the ability to adapt the software to suit the way they do business, have been forced to adapt the way they do business to match what the software expects.

    * Created a situation where drivers for devices soldered to the SAME motherboard can conflict with one another, because the drivers are being written by people who do not get to see each other's code and hence are not able to check for hidden pitfalls they might be creating for each other; and where accidentally-stumbled-upon hidden APIs can be used for mischief.

    * It has also created a situation where hardware manufacturers can decree obsolescence by stopping providing drivers for new Operating Systems (if the Source Code were available, drivers could easily be written), and make inaccurate claims which cannot be disproved because the Source Code is hidden (e.g. the use of a 2Mpx sensor in a so-called "6 megapixel" digital camera, whose firmware then creates JPEG images containing the claimed number of pixels; the source code for converting the RAW image format would reveal this duplicity, hence it is kept hidden from users).

    * It has tied customers to vendors by creating artificial barriers; the reason why there is no credible competition for MS Office is the closed save-file format, which is hard to decipher without information which Microsoft deliberately withhold and which Microsoft change with every release to thwart competitors (and to persuade users of older Office versions to update to the latest version, for no better reason than because they can no longer load files saved by their contacts using the latest version; old versions of Microsoft software pose a greater threat to Microsoft than Open Source).

    If Microsoft, Adobe and all the rest of the Closed Source vendors don't like it, then let them go and jump. Users outnumber vendors; and our right to inspect and modify the Source Code of programs we run on OUR computers must trump their right to keep secrets and tell lies. Perhaps a few years ago, consumer power alone would have been enough to create a regime which was favourable to users at the expense, if necessary, of rich corporations; but today, ONLY a government can do this.

    Even if the players decided to "take their ball home" and stopped selling their wares in the UK, the resulting setback to the UK's IT industry would be only a temporary one; and, following the recovery, we would be in a far better position than countries where the bully-boy tactics of the big closed-source vendors were still being tolerated.

  14. tim

    Title

    We too have a slow spam provider (or our filters are working quite well). However the only two of these I have seen have contained only random text without trying to sell anything.

  15. Dam

    Re: pdfs

    Quote:

    By Jason Hall

    Posted Monday 23rd July 2007 11:20 GMT

    Wow... I must have the slowest spammers ever.

    Only over the last week have I even started receiving pdfs as part of my daily spam regimen.

    --

    Ah no, you don't, that would be me.

    I ain't received a PDF spam yet.
