A new security study reveals that
PDFs are becoming the weapon of choice for malevolent spam
senders, as the file format frequently slips past security checks.
In another twist,
spam is increasingly being despatched to the non- profit
sector, as charities and public bodies became more viable
targets.
MessageLabs' Intelligence Report July 2007 noted increased
adoption by more professional spammers who are now modifying the
PDF files to bypass detection.
"Though PDF files have traditionally been a trusted type of
e-mail attachment, we are beginning to see an increase in use for
sinister activity," said Mark Sunner, chief security analyst at
MessageLabs.
Approximately 20% of all image spam now involves PDFs. These
days many PDF documents are created programmatically, with their
document protection settings enabled. This gives them a better
chance of bypassing detection by typical anti-spam scanners, said
the MessageLabs report. They are also more likely to contain 'Bayes
Poison,' long lists of randomly selected words never associated
with spam, allowing the message to avoid detection.
"With a nearly 10% increase in malware this month, we believe
this threat could become more malicious with the potential for
spammers to embed malware in the PDFs, which would be automatically
downloaded to the victim's computer," said Sunner.
Spammers tweak Storm worm to push PDF spam
>>
Comment on this article:
computer.weekly@rbi.co.uk