MessageLabs White Paper Sample
For some time now, spammers have been evading traditional text-scanning anti-spam measures by sending their messages in images, such as .jpeg files. Spammers would also randomize their images, making detection more difficult. PDF spam now accounts for around 20% of spam. MessageLabs first saw large-scale PDF spam in the middle of June 2007, when a “spam run” or “campaign” was started to “pump and dump” a German stock.
Many new types of spam start primitively, and PDF spam was no exception. This first spam run included exactly the same document in each message, making it easy to stop the messages using PDF hashes or “fingerprints” (like MD5 for example). But make no mistake, spammers continue to come up with new techniques, and PDF spam will change as well.
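As an added illustration (not code from the MessageLabs paper), the sketch below shows exact-match fingerprinting of PDF attachments and why it only works while every message in a run carries the same document. The addresses, file name, blocklist and PDF bytes are constructed samples, and the function names are hypothetical.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_message(pdf_bytes):
    """Build a constructed sample message carrying one PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Stock report"
    msg.set_content("See attached.")
    msg.add_attachment(pdf_bytes, maintype="application", subtype="pdf",
                       filename="report.pdf")
    return msg.as_bytes()

def pdf_fingerprints(raw_message):
    """Return the MD5 hex digest of each decoded PDF attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    digests = []
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/pdf":
            # Hash the decoded bytes, not the base64 text, so transfer
            # encoding and line wrapping do not alter the fingerprint.
            digests.append(hashlib.md5(part.get_content()).hexdigest())
    return digests

def is_known_spam(raw_message, blocklist):
    """True if any PDF attachment matches a blocklisted fingerprint."""
    return any(d in blocklist for d in pdf_fingerprints(raw_message))

# Constructed stand-in for the document sent in a spam run (not a real PDF).
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample body\n%%EOF\n"
BLOCKLIST = {hashlib.md5(SAMPLE_PDF).hexdigest()}

# Same document in every message: the fingerprint matches.
identical = build_message(SAMPLE_PDF)
# A few differing bytes per message: the digest changes and the match is lost.
varied = build_message(SAMPLE_PDF + b"% 7f3a\n")

if __name__ == "__main__":
    print("identical attachment blocked:", is_known_spam(identical, BLOCKLIST))
    print("varied attachment blocked:   ", is_known_spam(varied, BLOCKLIST))
```
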
As you can see, the boundaries between different types of messaging and web-related threat are blurring and converging to produce a new breed of “superthreats” – the first of which appeared in 2003 when viruses and spam first merged to create a whole host of messaging security problems. Spyware is playing the key role in both of these trends. The information it leaks out is underpinning scammers’ efforts to deploy the other weapons in their arsenal in a much more precise and targeted way – effectively equipping them with a sniper’s rifle instead of a blunderbuss. Not only are the threats becoming more precise, they are also becoming stealthier, as large-scale attacks generate media coverage and so prompt businesses to improve their defenses. Spammers and scammers are increasingly employing their better targeted attacks to stay under the media and security radar for longer.