New Image Spam Threat Uses PDF Files - InformationWeek
Software // Enterprise Applications
03:44 PM

New Image Spam Threat Uses PDF Files

The PDF image spam is just one of a litany of creative attempts to fool e-mail users into downloading malware or visiting phishing sites, says Symantec in its monthly spam report.

The good news is that image spam continues to subside, now averaging 14.5% of all spam e-mails in June, down from 27% and 37% in the months of April and March respectively, Symantec reported Monday in its July monthly State of Spam report. At its peak in January, image spam accounted for more than half of all spam. The bad news is that this doesn't mean that image spam is going away, as Symantec is seeing an increase in new spam techniques that reference spam images in different ways.

Image spam uses a graphic embedded in or attached to an e-mail, rather than regular text, because it makes it harder for anti-spam software to detect words that generally send up red flags that the message is a piece of spam.

Image spammers have started an emerging trend known as PDF image spam, which Symantec has seen in two variations. The first is an e-mail with a PDF attachment that appears to be a legitimate stock newsletter. "The newsletter looks professional and does not contain any noise or distortions which would normally be associated with image spam," Symantec reported.

In the second variant, the PDF attached to the e-mail contains a stock spam image, similar to image spam attacks focusing on stocks. The goal is to evade anti-spam filters that depend on being able to read the text of a message, Symantec reported. This variant of PDF image spam was targeted to over 30 million end users in just 10 days, between June 17th and 27th.

But the PDF image spam was just one of a litany of creative attempts to fool e-mail users into downloading malware or visiting phishing sites. Another popular scam played on the get-rich-quick instinct in e-mail users, offering them a phone number to call in order to access a lump sum of money with seemingly no strings attached. This spam e-mail was targeted to more than 32 million end users between June 7th and 27th.

Product e-mail attacks, at 26% of all spam measured by messages passing through the Symantec Probe Network, are the most prevalent type of junk e-mail, offering or advertising general goods and services. Financial e-mail attacks make up 21% of spam volume and contain references or offers related to money, the stock market, or other financial "opportunities." Sixteen percent of spam consists of Internet e-mail attacks that offer or advertise Internet or computer-related products and services.

Spam has become such a scourge to e-mail users that Google said Monday that it's going to plunk down $625 million to buy Postini, a provider of e-mail security services.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll