Email security vendors reported a spike in PDF spam this week that, because of the size of the messages, increased global spam traffic by as much as a third.
Because PDF spam messages are as much as four times the size or traditional spam, the spike increased global spam traffic by 30 to 40 percent, according to researchers at the Commtouch Detection Center.
Spammers are quickly turning their attention to PDF spam because it easily bypasses many existing filters, according to the Israeli messaging security firm.
Menashe Eliezer, head of the spam detection lab at Commtouch, told SCMagazine.com today that his firm has seen different types of PDF spam, including one containing a virus.
"The first PDF attack was about two weeks ago, and right now, as we speak, we are seeing quite a big spike in PDF spam," he said. "The spam that we saw on Wednesday was a PDF that had clear text with a logo, however, the last one had a random image. We also saw an example, where inside the body of an email, you have a link to a virus and an attached PDF is a stock spam."
According to researchers at MessageLabs, the spike indicates that some spammers have given up image spam in favor of PDF spam.
Matt Sergeant, senior anti-spam technologist at MessageLabs, told SCMagazine.com today that this week’s PDF spam spike is "the sort of thing that’s been going on in waves. The way the storm botnet works [is that] it gets repurposed depending on the time of the day."
"The type [of PDF spam] the storm botnet is mostly sending out is taking the images seen in the stock scams and putting them into the PDF. What happens with a lot of this stuff is that if you have a specific file type, a lot of companies will be blocking that file outright," he said.
Sergeant said he was unsure how long the PDF spam influx would last.
"I think time will tell, to be honest," he said. "It’s likely to be one of those things that remains for six months to a year and then will be re-evaluated."
"It’s surprising that image spam went on for so long. Obviously it’s something that works for [spammers]," he added. "And if PDF spam continues to work for them, then you’ll see it for a longer period of time."
Click here to email Online Editor Frank Washkuch.