Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Image Spammers Utilize PDF



 By: Brian Prince
2007-07-18
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Security vendors are reporting a new trend in spam in which images are embedded in PDFs.

Security vendors warn image spammers are increasingly using PDF files to bypass spam filters.

Researchers at BorderWare Technologies, based in Toronto, reported that on any given day more than 30 image spam campaigns are being run, with more than half of those being PDF-based.

The findings come as a number of vendors have reported that the amount of image spam has declined in favor of PDF spam. A Commtouch report for the second quarter of the year found that image spam had dropped to less than 15 percent of all spam, compared with 30 percent in the first quarter of 2007.

Resource Library:
Rebecca Herson, senior director of marketing at Commtouch, said image spam had dropped overall because of increased enforcement attention to stock scams and improved spam filtering technologies.

"Well, it took some time for them to catch up, but many anti-spam filters now can block most image-based spam," she said.

Click here to read about whether there has been any significant decrease in "pump-and-dump" investment spam.

Still, she said, researchers have been seeing PDF spam that looks like image spam, but the images have been turned into PDF files.

"What I mean by this is that it is the same types of randomized images that we were seeing previously, with all the font tricks, background noise, different colored pixels and so on," Herson said. "But instead of sending the images as GIF or BMP, the spammers are taking it a step further and creating PDFs out of the images."

The tactic works because many messaging security tools are not effective at detecting images in the PDF form. Filtering PDF spam in general can be problematic for many security tools because a PDF file is complicated and contains a lot of information, in many formats, said Andrew Graydon, CTO of BorderWare.

"Typical solutions look at the file type and decide which internal processing queue to put it on," he explained. "If it is a text-based file they run the queue through a content scanner looking for text, and utilize simple dictionaries to detect a match," he said.

"If the file type is an image file, then they use a different queue and a different scanner. The problem with a PDF is in the mixture of content that is within the file," Graydon said.

How are phishers using spam attacks to snag high-level executives personal data? Click here to read more.

"A single file can contain text, images, files, links, JavaScript, or pretty much any embedded content which is a very powerful combination for spammers or hackers to bypass traditional filters, and this is not the last exploit we will see from this format," he said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Image Spammers Utilize PDF
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


xmw( s %IH=Itg{`6IyO/Ϻ[%o $tzub[RT*JR ?Jptô1f%c}:I<Λ7o}L9UQ#3W)92 EnncR;^ kGx6)oD&/ #j (K&OxkNlN1ečz97\3Ѣe'Eپ2$ȁyO`nzN<Qǚ] ( G;iHߢ0ȱ7?Sf8ALǩM}a >"J4EhDwu[gb]ױ}ǣ&&d -{~0k QC%$w=,5Qj)aFw?LI$lǦ"Ue֯|sfqDf; wE-'l,R"ۄ@X?} $OLE&sˑ,Fpf0 -sxWi JZUQjAP98Dƒi΃oġq CgnXo[B)(ݫu> ?th;Ƞm)x]׊!teUcOZ]dO#t:+?fV'_ZUկlo!qj{ PeP{pHjPRs~<>]$R/'$'mDO{_ `HmDm[ܺʑ\R˽aXX}Mr=bOErj~#J}ݸ^`3h{q#%IAg =sOsR/ud[I%7KV'^ӛA/-uB]+ M֘lKM-=%/ՔE"JMo`8Wt"CɣhKlZ?Lpʻ؈a}5G0^ܰ킡[*+'#SV-iVǰZϪc3 L 4 gC~0Ml(6 g3Sq:hzE>^>OW p>h-D.M{ \i YD83[-ϢAE-4$qxS0uXVƎ< kKf>F} `+zpgI}єaӘ30|qq$kAQQ xHMfOuo8Ǿ$o+:#HIF.4Ye n,A@z"RTj%45*RfE`q/8L]:6x_8܉WQo>)}zK]W>snW}G>8O-ä&-;hX@_g $$FG` R*%)^c0]*W*h30=6_n?!'|P,W`1pv!'VC89g& AL &Jt yB\U4Ueawg*Q :@5gta{0 X]Q&S9Rxs޹e=WN "ڟskx豸6] QD|`La]StXguuUV*{f:{omhD1(dyD4@/q8bi N, ӁZFB-b>*ZĦ)3Q/΀ے}tK ף~ !B.ܒ(t]42210'v ӽ'jD@KYJ7ᝬjCUNJZZ$t`1[m:Jw㭃d:iԧk\3hCtfa_j;ܝ׍>0L;HM;VJrÎw|L4 h#uL9(W>zm}4~WK01`Ggm+z+9eI폤sO NAv*}hq_,]5慰qpQ\iuz{D&aP;D^7gT-4!ć{Y^#y8 1PR$%M(I[`deև%yєyjj : SBt (2yO P2'I^VR6T$4%!44b"C+Ro{ݼڜ,7<ѭަmxzIuc!MY+4$/i\A1'͋p ,G7lb&%h8gJW!9 ><9Gs`¸*G传 ;GNÊĖ;S f'm{X'M{q?I8:Gw*bL_@ٮpne1G|۷sFgU\;-S}NX>zzv`蚳)/.M cj ~]  Js78{JnM< g661CN;#͋^4>A ɏ$U t{D/{5s*<+sǽNlt`⾕h7m{ zct7I~%/vؽiamUzxX J}~l't:D(jSakwȪ̅Sۉ~g#S^q:-< &i]%3 =Oki^괸 u4l>ޮ3}C]~lڙ߫A'zX<}]bwSȤ{\/o)p>93jd2E3Z,U*?0DI=]abq:s\R"=L[0a|clblZ[ߍa=rByRz[˥>MpS(GCY)_Zt{RNرD2:?2mJNՃߏ1?bzŔgv[p¬4-7NxL},Bʐ. µ`;1tsC^&1&b8x{q (F40|RE`O2 xZ<ݮPI$QR@v)8_K#”h9ٽvde]N"H/ዦHЃRӔ/3iK}t G"!P$,,DhZ1ʍ ۙݶFf5Us]v<Ǖa茈8xecjyl S#u]}*(+5XX#X #Ff,' (Af/@Qm,iMZ#ʌ&ؚ`Bslg~FM&)2x8&&MǮ42_U{z!!#-wI07A8 "` tJ[|[Evo I;ؔkJ5,?*{j9. E }Ik ZؗΠIuUjop`>hߊV-a-ȡ'!l`U)`/F\/#QEŷCIHٔk˯ŵ1ekaX,wrWrlnЪ4V߰^VLtzQ8}j䥦9AG%]6)|tF.3s߂Bae/uK*e,` k :a5`V>ި 2~T k& ՜{X|'@S}$e4; #"Ӟ9']Ð|E]t`eBєg?%4+`1_IQ&4z m/+!_cRq o \0SII f ]95Xs ԥ,U+J1CKr/Z"pGOb$_iۋhx9 9>`4ެاiRʹG:aٰr*vRUUg]`Z?A8Rxی+Q`5U ՜&&%3~Yİ>|󡐕'< ; HfhucrBb-A(RCc/G* uv-x:OMw~w2~w2~w2~w2~NJEߚq3Ω0~֯DwakSu'&fȁ<Vz68 )E&ǔZ@X3DRNeHh==#4 $B@@I/נ@mZ"4o_\RLoA\GX!`A6{@lH $ fXUe[b4,9>XUhy>80L5iT62q7ؘA" aBy]ؚmK|yO^F(ya#0^6?7!XsxoF_lԾ̪4Ӿ-þ-`{jKFdu3cyg"@H ۫=sKDmߴMs~y7f TgxQtxS0p$,C7a6cDF84:N][AsJezPu;oeIIcw˱[WJZ o!ɑ{v'0 ~JK6_Kkl:~:nYEMH^&${Ќo͓nbȍ0 Ws! iPgUFAS뙡LfERs{mZ@հ&`P jfXVBIQHz\]:eѲKkKc :t)(޺T!֖֗3ѹ=Լh}؂_]ҽ? vM&0C"#FTXKD:`\ňQqD32[) $*X*$%\݃^9/y~?y yG{4vHjx/U6 cqN< XMZVړ䥨!N:̶E-r9 Tכ7.P5hHHL!VTKzՈ=Tb(h~ʾVW,^GkNiξCm̱?5ìͨ4$qHaFk!"Byg* n'٫Y06OXl Lqݬ`qݤ{1VWSZ_2QOQ Q?D)zt;g ja`<8_&ȸQA8n (P@#@ٕ"_PgW#v 0DךQN|?Ey9:ZnOoCƑ?b+.-]T5,hXm% ~d E?P9E=юvˇ> &V8~vgSCYn2yDߕDzyA y!Fv?;Kb+.,JWQ$񾟣HUWsd+ , "n"dY"'"KIH ]AڤG+1-C}# _W1h=^1@>gnYiv'.g̡xZR,?jU%WK,~'dML }|VL slkOBۈl%UMyL}x[T˕}U+_i?~tـjcE~E:tdHc r//K\Ix##kg{毅_!0 8 rB@[j$UO 5Vw:n%f\n^uE@l?ܙ6 ޽<B~.4S`Apb}s:l0V)^̂-zq58x>eڽg7L>ǨY \Q,s4pLwwzכrq#}D?3U4KL*2&Bc849|vtV4!b? Li -Y<8ۂW2")*0G#{?=flDLNR"QJ}ӾfbWn(lCl_;b21#B@Hxo@wK-ဢt(.H oI_[POXPOB5OvCJn*77p<9Wͬ0SL\.⛋pL?ۏOZPnN@ S38g)8.w`C'k7+/ |mb{> gE R]´vxzt$P!%h$bzsbf 3üޝC_F`!3&+nVjE)_B׾Rc] U(|m^ߧxQ2uhտXk0M蕴B^s##vFC>i`}`jڛ]*Y4ME'7^sE[[j%.zQJΜ8OǶJ96ba_d_@ḫʛWn#=D>{ʼn?|ka3? `jE@' @9\p٭ࢠn$1x?5hW=Eԥ \\ڎVܝ*236b9W6_ XoCdx\$Oܾq2XxZ@&\ejh] wk@H;?b0~uľ^U|bٴ^dO>*{MoNDT)pF #o0߬1z>;/a4DZ=CPN7pܓ17?YD۾n􇖉H$R@ V˕R# `d1ɪ"+Uw9 طV++ D`q:#dxG!*eiث.81C=bǨ[ɚŭop EУcwЯba"Jj"Тp+x;P` @= {;ӈ3]׳Kx3ϨϤS4lVz[2g3Dܻ5 fu ѣĹ3 ,N>n 3Dqz4}z<8?6%'x0[tot^]}B΄[4Gx#KXfAgu0=_qM#6OL5UL%O,B.6^Ğ $ǖk=I_;KFe8x7^n;6./ ]C?Tw'66Ga1hmBL'͆?4.Ɣnb5) Q]a׆Ǎ;LߙE-a6Rz0$*Y AŌrt(W EJhtOG1<<40J6,x(MlۀJq}"h|:a=H[8<ۺ9te߆"q*T-BBB= l-ZHKbҤKId~1'I>ಓ @DW]WvBaItim e 6Ns̄0Qxz|H+G֠GJ ~LhI/;>#0qO{PN`>x(8AX"H "s{F|&ԀtYsJd@`'2Ǟcӄ2_:<8|7L {+̑2m5u׌ezԢı"贯Iױf98`ք.цId|ABQ}@ 1LGX/knvjA߮ed#ɑWuBz𼪊 YT8cgrJc{[/AI)H[aȹD6e;Plvp"1b1?"ⅰx!ZAy|TtLsD> :F左csawso'bO_^s7eEL 3t#m{XFuYҎNw.!#R.\OFk_Sa0hoy㴁E"=`3 h;is[D:9Am'{gx-4) m+#84B>XzEzµ \& |ت;q^g4=9a7 1/{HPWFWݜ햏 /o| 8O.@pπ!Xu(Fђ[0?FuoY %65-|0qGĦn->u¥"ZUXؕ%(X_gA24⿝9{=G-\WX$Gx kyfŧSW<2JP+r`V@8̝ ,ӟ~HǶI$`<=fږ+zr 1\e~8Şi{(q",@݌Qѵ+Kea$VivEO8ǩ3dZhup! 1t7ԭ8}=`<ЩA^"S.vVivܔ1YF.EmhT[щYyӷw{Λ3={*?)Il=q,a^|SwϏp 0tcxcӳ I62" $8jVI&;;Ŭm4lrlyFJJolH6rm90X1'(R9(t7=MaN*S*|J>-h\lu{}8v,s80'¿Ersg<ǚzxX0֫rXtlPozc;|6ga({B]Ay@~Ճ!8g\_> @c݄6y8t.@W6 5ϸCi6e1}t1yLBL1`'xb>nh1)d'kśrI-9O*DX6~͸M(_g,BYדWv!|xFK-^8|%nA-rjTwo$v)S _џ_Q>1t{<]}7EQvi?q;wpڟt?vޘ#K( dN)< ?`]2/{5Qnm nq?wP e\k0 {D%X~ax8P2ϏpF:62:(1HdoN 3A"H)_Z_V)C.(kyl90.4J$oD H݇ qr5]e^ϓUAP@cAhcGuAۂgJ @ to,)_`0N(Ҿj~jx@ R@Mi`|CZ~)]gs4_.*Ma?\EIXA-}.Vajϔ>#G32Qaq vxC|J\+ï" fmzHU#MϒzPUj;#r&;wERy{`ۥ7SfN j3*-aD~+,>5-bZ-NJ+ o&KN:7-=\\YQ\`V>`o]UzZ-q'4JēUݠDv33ێ7;uAO2-*輙g2U kqAmexƙqI]|<`HEtY0 = kjn1xkЂɆ}h?(|xl Of.~Rnm4kt~ R/?˧Zb-Gt]܄]#+ 9bzl:^cK, =BiB$l`ELq(|J&٩~_T>^=)e 6FA/4v\ڿbY$3 tOO$nk"p3oVknRu)Lǻ=<~FP&% L#^x3wF0#V}xV -l #蒚^>>*5U?ԪŊV>TjoJ-H5w\HD8~;6E&A5l0w:K' ]Qݱt`vP'xq T&ޡkK.qeW|C0W ǀ-}}hp :W=yپt$h1t%4y\0W-.m:vK|"+R-qmw"sѹ9J;U͓_t>\JaF ytNqVܜ ',u}>oA5Vf7wC0 o%_w*3]BU+kD4;߷[b\ >09TE[!b5pap/۰N*_,_jBtbrpfh2>qcne45ѬSxzqaY"g;?I>