PDF spam levels plummet

Having hit record volumes in early August, PDF spam now barely registers

It appears that PDF spam has had its 15 minutes of fame.

Having reached its peak volume on Aug. 7 at nearly 30 percent of all spam messages sent, PDF spam today is hardly registering on e-mail security vendors' spamometers.

The unwanted e-mails with PDF files attached -- usually pushing the recipient to purchase a penny stock that the spammer then dumps once the trading price goes up -- comprise less than 1 percent of spam today, according to security vendor Sophos.

PDF spam began hitting high volume levels in early summer, the highest of which occurred on Aug. 7 when a pump-and-dump stock scam exploded across the Internet, touting a company called Prime Time Group. The attached PDF looked like a financial newsletter advising the purchase of the stock. That spam blast, which some security vendors said at the time was the largest in spam history, lasted for the better part of the week.

There could be a number of reasons why PDF spam has all but disappeared, says Ron O'Brien, Sophos senior security analyst. Since the actual message is attached to, not embedded in, the e-mail, recipients may find it too time consuming or cumbersome to open, he says.

"A malicious embedded link, on the other hand, is quick and easy to access and would probably have a higher likelihood of luring people to open" it, he says.

The idea that PDF spam is too complex would explain why a few good old-fashioned spam messages appeared in some in-boxes this morning, simply stating the recipient should purchase a cheap stock before it gets snapped up. No attachments, not even a link to a Web site, just some persuasive text.

While spammers may be looking for new ways to get their message across, Sophos' O'Brien warns that e-mail users should beware of a false sense of security.

"Although PDF spam is showing a decrease currently, there's no reason to believe that it will not strike again," he says.

Join the Computerworld newsletter!

Error: Please check your email address.

More about Sophos

CIO
ARN
Techworld
CMO