Software // Enterprise Applications
News
7/9/2007
03:44 PM
Connect Directly
RSS
E-Mail
50%
50%

New Image Spam Threat Uses PDF Files

The PDF image spam is just one of a litany of creative attempts to fool e-mail users into downloading malware or visiting phishing sites, says Symantec in its monthly spam report.

The good news is that image spam continues to subside, now averaging 14.5% of all spam e-mails in June, down from 27% and 37% in the months of April and March respectively, Symantec reported Monday in its July monthly State of Spam report. At its peak in January, image spam accounted for more than half of all spam. The bad news is that this doesn't mean that image spam is going away, as Symantec is seeing an increase in new spam techniques that reference spam images in different ways.

Image spam uses a graphic embedded in or attached to an e-mail, rather than regular text, because it makes it harder for anti-spam software to detect words that generally send up red flags that the message is a piece of spam.

Image spammers have started an emerging trend known as PDF image spam, which Symantec has seen in two variations. The first is an e-mail with a PDF attachment that appears to be a legitimate stock newsletter. "The newsletter looks professional and does not contain any noise or distortions which would normally be associated with image spam," Symantec reported.

In the second variant, the PDF attached to the e-mail contains a stock spam image, similar to image spam attacks focusing on stocks. The goal is to evade anti-spam filters that depend on being able to read the text of a message, Symantec reported. This variant of PDF image spam was targeted to over 30 million end users in just 10 days, between June 17th and 27th.

But the PDF image spam was just one of a litany of creative attempts to fool e-mail users into downloading malware or visiting phishing sites. Another popular scam played on the get-rich-quick instinct in e-mail users, offering them a phone number to call in order to access a lump sum of money with seemingly no strings attached. This spam e-mail was targeted to more than 32 million end users between June 7th and 27th.

Product e-mail attacks, at 26% of all spam measured by messages passing through the Symantec Probe Network, are the most prevalent type of junk e-mail, offering or advertising general goods and services. Financial e-mail attacks make up 21% of spam volume and contain references or offers related to money, the stock market, or other financial "opportunities." Sixteen percent of spam consists of Internet e-mail attacks that offer or advertise Internet or computer-related products and services.

Spam has become such a scourge to e-mail users that Google said Monday that it's going to plunk down $625 million to buy Postini, a provider of e-mail security services.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 23, 2014
Intrigued by the concept of a converged infrastructure but worry you lack the expertise to DIY? Dell, HP, IBM, VMware, and other vendors want to help.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.