
Image spam drops again, but researchers see more PDF stock spam

Levels of image spam dropped again in June, but researchers also saw increased use of PDF spam.

Image spam, which accounted for nearly 52 percent of junk email messages in January, declined to an average of 14.5 percent of all spam during June, according to Symantec’s latest "State of Spam" report. Image spam had accounted for 27 percent and 37 percent of all spam during April and March, respectively.

Symantec researchers discovered two forms of image spam that use attached PDF files to hide their messages.

One type carries a PDF file disguised as a legitimate stock newsletter. However, unlike traditional spam, the messages do not contain distortions, according to Symantec.

The other variant contained a PDF attachment with a stock spam image, similar to prior image spam messages used in pump-and-dump scams.

Doug Bowers, senior director of anti-spam engineering at Symantec, told today that PDF spam is just the latest way scammers have found to use images to their advantage.

"I think that (image spam) has been a rising trend for more than three or four months now. We’ve been tracking it for over a year now, and over time, anti-spam technologies have gotten better at filtering it," he said. "PDF spam is the same wolf in sheep’s clothing. It’s another attempt to get around filters by obfuscating in a different way."

General spam levels were steady throughout June, accounting for about 65 percent of all junk mail.

Researcher Kelly Conley said today on the Symantec Security Response Weblog that the large PDF attachments are most often used in pump-and-dump scams.

"We have seen a few different variants of this type of spam type thus far. The first one is the newsletter variant, in which a PDF attachment is made to resemble a legitimate newsletter. The second variant is one in which the PDF attachment resembles the more familiar images of a pump-and-dump stock operation," said Conley. "The most prevalent type of PDF spam that was detected in the month of June was pump-and-dump stock spam. Once open, the PDF file displays an image of a stock symbol and some text indicating it’s the one to buy. The image has many of the same obfuscation techniques seen in past pump-and-dump stock spam: color variations, font variations and pixelation."

Scam and fraud emails jumped from nine percent of all spam in March to 14 percent in June, according to the Symantec report.

The Cupertino, Calif.-based company revealed that 32 million end-users were also targeted by a "free money" scam advertising no-hassle loan give-aways for businesses.

