Massive PDF Spam Outbreak
The Commtouch Detection Center has just reported that PDF spam has been spiking over the last 24 hours, making up 10-15% of all spam messages. Given that these messages are nearly 4x bigger than ‘standard’ spam messages, this increases overall global spam traffic by 30-40%.
The new technique of sending spam messages as a .pdf attachment first appeared about 2 weeks ago and got some press as a ‘new and novel’ type of spam. Now we can confirm that it has been adopted by spammers on a wide scale.
The popularity of the .pdf format for legitimate business communications makes these messages difficult for traditional anti-spam solutions to block effectively without causing massive false positives. The spammers have noticed how easy it is to bypass anti-spam engines, have for the most part stopped trying to “hide” their messages with funky fonts and colors, and are sending what appear to be standard business letters via PDF (until you notice that they are selling organ enhancers or stock tips ;).
It’s too early to declare .pdf spam ‘the new image-spam’, but according to these early indications, it looks like a definite possibility.
We did some analysis on the sources of the spam email, and found that in the last 6 hours of the attack, the spam outbreak came from 167 different countries (presumably zombies).
The top 4 countries are:
- USA 24%
- Taiwan 14%
- China 10%
- Russian Federation 4%
- All of the remaining 163 countries comprised 3% or less.