New Image Spam Threat Uses PDF Files - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

New Image Spam Threat Uses PDF Files

The PDF image spam is just one of a litany of creative attempts to fool e-mail users into downloading malware or visiting phishing sites, says Symantec in its monthly spam report.

The good news is that image spam continues to subside, now averaging 14.5% of all spam e-mails in June, down from 27% and 37% in the months of April and March respectively, Symantec reported Monday in its July monthly State of Spam report. At its peak in January, image spam accounted for more than half of all spam. The bad news is that this doesn't mean that image spam is going away, as Symantec is seeing an increase in new spam techniques that reference spam images in different ways.

Image spam uses a graphic embedded in or attached to an e-mail, rather than regular text, because it makes it harder for anti-spam software to detect words that generally send up red flags that the message is a piece of spam.

Image spammers have started an emerging trend known as PDF image spam, which Symantec has seen in two variations. The first is an e-mail with a PDF attachment that appears to be a legitimate stock newsletter. "The newsletter looks professional and does not contain any noise or distortions which would normally be associated with image spam," Symantec reported.

In the second variant, the PDF attached to the e-mail contains a stock spam image, similar to image spam attacks focusing on stocks. The goal is to evade anti-spam filters that depend on being able to read the text of a message, Symantec reported. This variant of PDF image spam was targeted to over 30 million end users in just 10 days, between June 17th and 27th.

But the PDF image spam was just one of a litany of creative attempts to fool e-mail users into downloading malware or visiting phishing sites. Another popular scam played on the get-rich-quick instinct in e-mail users, offering them a phone number to call in order to access a lump sum of money with seemingly no strings attached. This spam e-mail was targeted to more than 32 million end users between June 7th and 27th.

Product e-mail attacks, at 26% of all spam measured by messages passing through the Symantec Probe Network, are the most prevalent type of junk e-mail, offering or advertising general goods and services. Financial e-mail attacks make up 21% of spam volume and contain references or offers related to money, the stock market, or other financial "opportunities." Sixteen percent of spam consists of Internet e-mail attacks that offer or advertise Internet or computer-related products and services.

Spam has become such a scourge to e-mail users that Google said Monday that it's going to plunk down $625 million to buy Postini, a provider of e-mail security services.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll