PDF Files Laced with Spam

MX Logic has reported a 25 percent increase in spam volume, in particular spam that uses text in PDF attachments. According to Sam Masiello, director of threat research for MX Logic, tainted PDF documents are the evolutionary next step for image-based spam. The reason: The converters needed to open the PDF document in order to use OCR technology to scan the document and check for spam aren’t yet widely used in anti-spam tools. Masiello thinks that will change and so do I. This latest tactic–using text in PDF document attachments–will likely be curtailed soon as anti-spam and mail security tools spin up PDF converters and start running filters over the contained images and text. However, social engineering and the PDF’s reputation as a trusted information source are likely big reasons why spammers are using the file format. In my experience, subject lines and file attachments that resemble the subjects and files I use in my daily work life are much more likely to get me to click “open.” This doesn’t always work. E-mail messages addressed to me that are supposedly from coworkers who long ago stopped working at Ziff Davis immediately get zapped when I’m going through my inbox. The same goes for e-mail that claims to be coming from me. But a message with a terse note from my editor with a PDF attachment? Yeah, I’d likely open that message. The reason: I trust PDFs because, in the past, PDF files sent to me have always contained information that I needed. (For one thing, page proofs for the print version of eWEEK magazine are sometimes sent to me in PDF format.) Masiello, when I asked him to speculate about the next step for PDF spam, said after .zip attachments to mail messages lost their appeal because of user training, password-protected .zip attachments–where the password was included in the mail message, usually with the advice to use the enclosed password to open the supposedly encrypted .zip file–became the all the rage. Maybe we’ll see password-protected PDFs next. I’d hate to see the day, however, when I stop opening PDFs attached to mail messages the way I stopped opening .zip files.