PDF spam, the summertime nuisance that flooded inboxes in early August and then quickly disappeared, is back and worse than ever.
According to multiple threat researchers at security vendors, tens of thousands of spam messages were blasted out last week with attached PDF files, which infect the recipients’ PCs when viewed. The subject lines of the new crop of PDF spam are finance-related, according to security vendors, using phrases designed to get the recipient’s attention such as "your credit report." These e-mails contain no text, simply the attachment.
“When opened, the PDF file uses the CVE-2007-5020 vulnerability via Acrobat Reader and [Internet Explorer 7.0] and downloads further malware from a server in Malaysia,” according to security vendor F-Secure’s recent blog post. “The target of the malware seems to be to create a botnet of infected machines to be used for further malicious activity.”
This summer’s PDF spam raised eyebrows because of the sheer volume of the messages and the creative thinking on the part of spammers who figured out these messages could circumvent most antispam filters because they’re not trained to read PDF attachments.
Because of the malware now hidden in the attachment, this round of PDF spam is significantly more malicious than August’s blasts that were typically pump-and-dump stock messages.
The PDFs attached to those messages hid no malware, but attempted to persuade recipients to buy penny stocks in a little-known company so the stock price would be driven up and the spammer could sell at a profit.
While PDF spam disappeared by September as quickly as it arrived — it went from 30% of all spam sent on Aug. 7 to less than 1% on Aug. 29 — few security professionals are expressing surprise at its return.
Spammers will “exploit any vulnerabilities they can, which in Windows is about a quadrillion different places,” says John Levine, president of consulting firm Taughannock Networks and co-chair of the Internet Engineering Task Force’s Anti-Spam Research Group, adding that he believes this PDF spam blast to be the latest incarnation of the Storm malware. “Using Acrobat has the added advantage that it works regardless of what mail program you use, so even people who use Eudora or Thunderbird could get bitten.”
Adobe on Oct. 22 released a security update for versions 8.1 and earlier of Adobe Reader and Acrobat.
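The message traits reported above (no text in the e-mail, a PDF attachment, a finance-themed subject line) can be checked at the mail gateway so that such messages are handed to a PDF-aware scanner instead of a text-only filter. The Python below is an added example, not code from the article or from any vendor it quotes; the function names, trait labels and sample messages are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

FINANCE_HINTS = ("credit report",)  # phrase quoted in the article; extend locally

def pdf_spam_traits(raw):
    """Return the set of traits from the article that a raw message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_chars, pdfs = 0, 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        # Declared type and file name are sender-controlled, so also look for
        # the PDF header, which Acrobat tolerates within the first 1024 bytes.
        if (part.get_content_type() == "application/pdf"
                or name.endswith(".pdf") or b"%PDF-" in data[:1024]):
            pdfs += 1
        elif (part.get_content_maintype() == "text"
                and part.get_content_disposition() != "attachment"):
            # Count visible body text, ignoring HTML tags and whitespace.
            body_chars += len(re.sub(rb"<[^>]*>", b"", data).strip())
    traits = set()
    if pdfs:
        traits.add("pdf_attachment")
    if body_chars == 0:
        traits.add("no_body_text")
    subject = str(msg["Subject"] or "").lower()
    if any(h in subject for h in FINANCE_HINTS):
        traits.add("finance_subject")
    return traits

def route_to_pdf_scanner(raw):
    """Text-only filters see nothing here, so hand these to a PDF-aware scanner."""
    return {"pdf_attachment", "no_body_text"} <= pdf_spam_traits(raw)

def build_sample(subject, body):
    """Constructed test message; the 'PDF' is a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    if body is not None:
        m.set_content(body)
    m.add_attachment(b"%PDF-1.4\n% constructed placeholder\n",
                     maintype="application", subtype="pdf", filename="report.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for subj, body in [("your credit report", None), ("Q3 figures", "See attached.")]:
        raw = build_sample(subj, body)
        print(subj, sorted(pdf_spam_traits(raw)), route_to_pdf_scanner(raw))
```

A message with ordinary body text and a PDF attachment is not routed, so the check separates the attachment-only pattern from normal business mail.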
Comments (3)
The Spammer is from
By Anonymous on November 2, 2007, 2:31 pm
The Spammer is from Malaysia? I'd settle to see him get 20 strokes from a cane and put a video of the event on U-Toob.
Why waste time on a trial?
By Geoff on November 1, 2007, 10:34 am
They don't qualify as human so they're not entitled to a trial. Even if you do give them a trial, I see no reason to make it a fair one. A friend of mine suggested...
RE: PDF spam back with a vengeance
By Steve Ensley on November 1, 2007, 9:33 am
All spammers should be shot first and then given a fair trial!