PDF Spam Returns

Filed in archive Spam News on November 1, 2007

PDF spam is back and this time it's more than just a nuisance. According to researchers at several security vendors, a new attack was launched last week, sending tens of thousands of spam messages across the web. This new attack appears finance related, with subject lines touting things like free credit reports.

"When opened, the PDF file uses the CVE-2007-5020 vulnerability via acrobat reader and [Internet Explorer 7.0] and downloads further malware from a server in Malaysia," according to security vendor F-Secure's recent blog post. "The target of the malware seems to be to create a botnet of infected machines to be used for further malicious activity."

The PDF spam attack from this summer showed that spammers have a creative side, having figured out that most spam filters aren't able to read PDF attachments. That attack was harmless. The attachments sent then simply hawked various stocks. Now the attack is more dangerous because the attachments unleash malware.

Spammers will "exploit any vulnerabilities they can, which in Windows is about a quadrillion different places," says John Levine [stet], president of consulting firm Taughannock Networks and co-chair of the Internet Engineering Task Force's Anti-Spam Research Group, adding that he believes this PDF spam blast to be the latest incarnation of the Storm malware. "Using Acrobat has the added advantage that it works regardless of what mail program you use, so even people who use Eudora or Thunderbird could get bitten."

Adobe released a security update for Acrobat and Adobe Reader on October 22.