PDF Spam is Here

There have been a number of reports in the media about a “massive” spam attack where the spammer’s message was contained in a PDF file attached to the message.    Our spam traps have so far detected two different ‘runs’ or attacks of PDF spam.  Both types were of the stock “pump and dump” variety.  The first example was a slick looking affair with a pretty layout which contained both text and images:

The second example was merely an image inside the PDF, identical to those we have seen from the stock spammers in recent weeks in their “usual” image spam:

 

So far, the PDF spam we have seen has been on a relatively small scale - perhaps representing a “trial”.  Certainly the volume has not been as great as the media reports have suggested. 

 
Nevertheless, the arrival of PDF spam is highly significant.  Recently, image spam has declined significantly as anti-spam filters have improved their ability to block it.   PDF spam is the next step – it represents yet another attempt to bypass filters by encoding the message in a different format.  PDF files allow for fancy formatting, colour and the inclusion of images.  They are also ubiquitous – most people have a PDF viewer.  For these reasons PDF spam is an unwelcome, if not unexpected, development.  It remains to be seen whether PDF spam takes off in a big way - we at the TRACE team will certainly be monitoring the situation closely.