If you are like me and have several different mail accounts you have probably noticed an increase in new unfiltered spam massages in your inbox. The latest scam in spam technology is called pdf-spam. It’s the next generation of pump and dump schemes where spammers inject the content of a typical image-spam message into a pdf file and send it out.

MX Logic a company that offers managed email and web security services, actively monitors what’s going on with their email systems. As a result they saw an increase of 25% compared to their usual spam volume. All of this new wave of spam attacks are directly attributed to new pdf-spam messages.

“We have started to see pdf-spam a couple of weeks ago, yesterday was different, the overall spam volume spiked with an additional 25% compared to the usual. Most of the pdf attachments had text injected messages, which are easier to filter due to heuristic and other type of analysis. However we expect that spammers will quickly use images to injected in their pdf attachments since they are trickier to get rid off, ” said Sam Masiello, director of threat research, MX Logic,

The evolution of spam

Spammers are moving towards pdf attachments because most companies got pretty good at filtering and detecting image based spam. So what’s next on the spam front? “Embedding malware such as keyloggers into pdf files is certainly a possiblity,” added Masiello. If your email scan engine doesn’t scan pdf’s - now would be a good time look at some of the vendors that offer that. Image spam was around for about 12-18 months, the volume of image based spam is actually declining, now that most organizations found a way to combat that, spammers move on to the next thing - in this case it’s pdf. But it’s only going to be a question of time until product vendors catch and offer a solution to fix that as well.

What can organzations do?

Besides from having a multi-layered approach, meaning you should have more than one filtering and scanning system, so if one system fails there others to catch the spam - technology can only do so much. In the meantime, Masiello said that “the right combination of technology and education is required to make users aware of what’s out there. They need to know what they should look for when they encounter a threat. For example don’t click on attachments from people you don’t know.”

See also:
SPAM: It’s a Security Thing

Enter your email address to get Hack Report news via email:

1 Comment(s)

Comments RSS TrackBack Identifier URI

Leave a comment

Name (required)

Mail (will not be published) (required)

Website