Traditional image spam is again on the decrease, but attachment spam - containing images as part of Microsoft Office files - is on the upswing, according to Symantec's "State of Spam" report for August.
Image spam accounted for only eight percent of all spam during July, a drastic decrease from January, when it totaled 52 percent of junk email. However, the percentage of all spam at the SMTP layer, 66 percent of all email, was consistent with previous months.
Researchers said that PDF spam increased during July, accounting for between two and eight percent of all spam.
Doug Bowers, senior director of anti-abuse engineering at Symantec, told SCMagazine.com today that the stats contained "nothing that’s a huge surprise," but noted trends showing a drop in image spam and an increase in attachment spam.
"Of note, what we’re seeing is [an increase in] PDFs and the larger trend toward attachment spam," he said. "Last month, it wasn’t clear if spammers were going to stick with this. They seem to still be in the poking-and-prodding stage with other attacks."
Twenty-eight percent of all spam pitched products, ranking it as the most common spam category, followed by financial junk mail at 18 percent, internet pitches at 17 percent, health issues at 13 percent and scams at nine percent.
The Santa Clara, Calif.-based company also saw an increase in the use of spam containing Chinese top level domains.
Symantec reported that it captured 250 million copies of greeting card spam last month.
The content of the cards ranged from everyday greetings to holiday-specific messages, according to Symantec.
Researcher Kelly Conley said on the Symantec Security Response Weblog that some versions of greeting card spam lead to malware downloads.
"Greeting card spam containing links to viruses was seen at higher-than-usual numbers in July. More than 250 million Symantec customers were targeted with these message types. Around the Fourth of July, a particularly large outbreak was seen and blogged on," said Conley. "The content of the greeting cards consists of an exposed IP address in most cases, which is a very good indicator that the card is not genuinely good. These exposed IP address links were downloading trojans onto computers."
Click here to email Online Editor Frank Washkuch.
Click here for the latest SC Magazine Podcast – Aug. 6, 2007: Interview with Jeff Moss, Black Hat founder and director.