Spam is getting more sophisticated, says MessageLabs

News

Spam is getting more sophisticated, says MessageLabs

Nick Booth

A new security study reveals that PDFs are becoming the weapon of choice for malevolent spam senders, as the file format frequently slips past security checks. In another twist, spam is increasingly being despatched to the non- profit sector, as charities and public bodies became more viable targets.

MessageLabs' Intelligence Report July 2007 noted increased adoption by more professional spammers who are now modifying the PDF files to bypass detection.

"Though PDF files have traditionally been a trusted type of e-mail attachment, we are beginning to see an increase in use for sinister activity," said Mark Sunner, chief security analyst at MessageLabs.

Approximately 20% of all image spam now involves PDFs. These days many PDF documents are created programmatically, with their document protection settings enabled. This gives them a better chance of bypassing detection by typical anti-spam scanners, said the MessageLabs report. They are also more likely to contain 'Bayes Poison,' long lists of randomly selected words never associated with spam, allowing the message to avoid detection.

"With a nearly 10% increase in malware this month, we believe this threat could become more malicious with the potential for spammers to embed malware in the PDFs, which would be automatically downloaded to the victim's computer," said Sunner.

Spammers tweak Storm worm to push PDF spam >>

Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy