Where did the PDF spam go?

The original wave of PDF spam seems to have come and gone.

For a while I was getting up to about 15 PDF messages daily. Now it's down to more like four or five.

The experts at BitDefender have noticed the drop in PDF spam also. They go as far as to offer a specific theory on the decrease. They suggest that users have gotten wise to the ploy and are failing to click on the PDF files.

BitDefender earlier determined that the source of much of the PDF spam was the modification of an existing worm.

I'm not sure if I totally agree with their reasoning on why the amount of PDF junk mail has fallen though.

Even if the worm was the source of the spam, almost all the messages seem to come from a specific party using the worm. They utilized it to send very distinct looking stock spam embedded within the PDF. In addition to just encapsulating the message text within the PDF, they represented it as a graphic of highly randomized fonts with added noise. This would seem to make detecting the actual message content near impossible for anything other than a human set of eyes.

Fortunately, other message traits have allowed SpamButcher's code for filtering email to figure out if a message was part of this particular spam campaign. However, the value of this code is now questionable since the campaign is no longer that active.

This particularly prolific campaign seems to have vanished for reasons not entirely clear. Perhaps they successfully boosted the price of their target stock, sold it and decided to quit while they were ahead.

The remaining PDF spam is somewhat more mundane. Often it seems to be simple text embedded in a PDF. If nothing else, these messages would be very easy to generate. Existing open source software could automatically convert plain text into the PDF file. SpamButcher (and presumably most anti-spam products) still aren't capable of literally reading PDF's - so this approach may still successfully improve deliverability.

Back