
PDFs become vehicle of choice for spammers

I don't know whether everyone else is noticing the same thing, but I'm seeing a steady increase in the amount of PDF spam. Along with this, the number of attempted deliveries (bounce- and dictionary-based) has increased a great deal.

The PDFs are fairly plain: a white background, a small amount of text, and no graphics at all. So far all of the examples I've seen are trying to pump the stock of a company I've never heard of. Just as image spam levels have started to drop off, PDF spam has come along to take its place!

From the spammers' point of view, PDF documents would seem to be a good choice, with a majority of companies now using them for read-only document exchange, invoicing, and reporting. This means that mail administrators can't ban PDF attachments outright. Most of the PDF files used in the recent bouts of spamming seem to be the same, so checksums and additional filter rules may be able to stop them. It must only be a matter of time before we start seeing dynamically generated PDF documents. I don't think any of the popular anti-spam filters are able to analyse the contents of PDF documents just yet, so for a short while the spammers' hit rates may improve.
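A sketch of the checksum approach mentioned above, as an added example that is not part of the original post: it hashes every PDF attachment in a message and compares the digests against a blocklist. The function names, addresses and the sample PDF bytes are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage


def pdf_attachment_digests(raw_message: bytes) -> list[str]:
    """Return the SHA-256 hex digest of every PDF part in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    digests = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        filename = (part.get_filename() or "").lower()
        # Do not rely on the declared MIME type alone: also accept a .pdf
        # file name or the %PDF- magic bytes at the start of the payload.
        looks_like_pdf = (
            part.get_content_type() == "application/pdf"
            or filename.endswith(".pdf")
            or payload.lstrip()[:5] == b"%PDF-"
        )
        if looks_like_pdf:
            digests.append(hashlib.sha256(payload).hexdigest())
    return digests


def is_known_pdf_spam(raw_message: bytes, blocklist: set[str]) -> bool:
    """True if any PDF attachment matches a digest already seen as spam."""
    return any(d in blocklist for d in pdf_attachment_digests(raw_message))


def build_message(pdf_bytes: bytes) -> bytes:
    """Constructed sample message carrying one PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "report"
    msg.set_content("see attached")
    msg.add_attachment(pdf_bytes, maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


# Constructed stand-in for a PDF seen in a spam run (not a real sample).
SAMPLE_PDF = b"%PDF-1.4\n% constructed placeholder body\n%%EOF\n"
BLOCKLIST = {hashlib.sha256(SAMPLE_PDF).hexdigest()}
```

An exact digest only matches byte-identical files, which is why this works while the attachments in a run are the same and stops working once each PDF is generated per message.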

Most computers have a PDF reader of one form or another installed. It's a file format that Mac, Linux, and Windows users are familiar with and generally trust. With exploitable vulnerabilities in popular PDF readers, I think the PDF document will have some tough times ahead.
