Israeli security firm reports huge spike in PDF spam
The outbreak emerged in the past 24 hours
July 11, 2007 12:00 PM ET
Computerworld - Israeli security firm Commtouch Software Ltd. is warning of a massive surge in Portable Document Format spam over the past 24 hours.
According to estimates by the company, about 10% to 15% of all spam over the past day or so has been in the form of PDF messages. "Given the fact that these messages are nearly four times bigger than standard spam messages, this increases overall global spam traffic by 30% to 40%," said Rebecca Herson, senior director of marketing at the Israel-based company.
So far, the outbreak has involved 14 billion to 21 billion unsolicited PDF messages and shows no signs of slowing, Herson said.
An analysis of the outbreak over the past six hours shows it to be a truly global zombie-distributed spam attack, Herson said. About 24% of the spam e-mails are from the U.S., 14% are from Taiwan, and China and Russia accounted for 10% and 4%, respectively, she said. In all, PDF spam e-mails are being distributed by computers in 167 countries, she said.
According to Herson, the technique of sending messages as PDF attachments is relatively new and was first detected only a few weeks ago. The current outbreak shows that spammers have widely adopted the technique, she said.
"The popularity of the PDF format for legitimate business communications makes it difficult for traditional antispam solutions to block effectively without causing massive false positives," she said.
Spammers seem to be aware of this fact and don't even appear to be trying to disguise their messages, she said. Unlike image spam messages, which were relatively easy to detect, "these look like standard business letters until you look at the contents and see they are about organ enhancers and stock tips," she said.
The spike in PDF spam comes even as there are reports of a steady decline in image spam, which in January constituted more than half of all spam messages. Symantec Corp., which publishes a monthly spam report, noted a continuing drop in image spam to just over 16% of all unwanted messages in May, compared with 27% in April and 37% in March.
"The drop in image spam this year has been significant," Doug Bowers, senior director of antispam engineering at Symantec, said in a statement accompanying the release of the report. "It's clear that spammers are focusing on other techniques such as using links to hosted images to try and get their messages through."
As a result, the spike in PDF spam reported by Commtouch is not surprising or unexpected, Bowers told Computerworld. "One of the things we have noticed is that spammers are going to poke around one way or the other" to break through antispam efforts, he said. Although spammers have been using PDF messages for some time, it is only recently that the growing number of such messages has pointed to a trend, according to Bowers.
