Friday, September 18, 2009

What is a PDF SPam ?



What is PDF Spam?
First there was email, then came spam - unsolicited commercial email - hawking pharmaceuticals, stock trades, sex, and more. Spam filtering became smarter with keyword and bayesian filtering, and the spam was minimized for awhile. Then image spam began, the emails with little more than a link to an image on a server. When the email is opened with an HTML email reader the spam appears a few seconds after viewing the email. Since there weren't keywords to analyze, most image spam slipped through spam filters with ease. However, now spam filtering tools have added OCR capabilities to "read" an image and search for keywords and phrases just like text emails. So what's next for the spammers to try...PDF Spam.
google_protectAndRun("render_ads.js::google_render_ad", google_handleError, google_render_ad);
Spammers have now resorted to attaching PDFs to emails to entice users to open the PDFs and read their ads. Very annoying, since almost all spam including a PDF is much larger in size than a normal email. At first, I wondered if a virus writer had been able to inject a PDF file with a virus and was infecting computers. I received literally hundreds of these types of emails a few weeks ago. Luckily it does not appear that way. Although many of the newest viruses are hijacking computers and sending these PDF spams from these drone machines.



Spammers have now resorted to attaching PDFs to emails to entice users to open the PDFs and read their ads. Very annoying, since almost all spam including a PDF is much larger in size than a normal email. At first, I wondered if a virus writer had been able to inject a PDF file with a virus and was infecting computers. I received literally hundreds of these types of emails a few weeks ago. Luckily it does not appear that way. Although many of the newest viruses are hijacking computers and sending these PDF spams from these drone machines.



What Does a PDF Spam look like?
Most common PDF spam has very little in the body of the message, just a subject and the PDF file. You can see a copy of this type of spam below:


Can A PDF File Contain a Virus?
Well, yes and no. Back in 2001, a virus named Peachy was created that distributed via PDF. Fortunately, it could not be activated by someone viewing it with Acrobat Reader, only users with the full version of Adobe Acrobat were susceptible to this virus. Peachy exploited the fact that PDF files could contain executable files, in this case a VBScript file, that users
of Adobe Acrobat could actually open. Virus scanners were updated and the virus didnt have a huge effect on the internet
.
Luckily, up to this point there has not been a way for a virus writer to infect a PDF file so that a person viewing it with Adobe Reader would be harmed. Although its still best to scan ANY file including a PDF file with an up-to-date virus scanner before attempting to open it.


Can PDF Spam Be Stopped?
Although PDF Spam is a huge problem currently, spam filtering programs will catch up and start to filter this garbage email out. Unfortunately, the attachment spam will morph into other types of files, and I've already seen Excel files (.xls) being used for spam as well. Using a reliable spam filter from your ISP or business and being careful not to open ANY attachment you are not sure of will keep you the safest. Although PDF spam may not contain a virus, the best advice is to not open it and just delete it.



What About Greeting Card Spams?
A new round of electronic greeting Card
contains viruses are making the rounds as well. These ecards want you to download a file called msdataaccess.exe to view the card.


0 comments: