PDF Spam: a Nuisance, Not a Threat, Yet
The email attachments are a matter of suspicion if it doesn't come from a trusted source. A security engineer, Erick Lee, at Adobe said in an e-mail on August 15, 2007 that no malware can be entrenched by PDF on a user's system, who cannot be suspected, than any other attachment in the e-mail typically and he also added that although PDFs have never been a concern till date but they might become a security concern some where in the future, as reported by ZD Net on 16 August 2007.
There has been a hike in the spam rooted within the PDF documents over the previous months of June & July 2007. Also, "pump and dump" scam used in the second week of August 2007 have caused an enormous hike in the spam levels and the price of the share of the company which was emphasized upon in the PDF scam campaign.
According to the latest report by Symantec, there surfaced PDF image scam in the month of June 2007 and the occurrence is on a hike since then, which has accounted for two to eight percent of the total spam in July'07.
Although Lee calls the incident a nuisance, he does not verify it as a threat to the security of the users. Even the PDF-creation software maker denies of having any proof which makes its users liable to any kind of security risk. Erick Lee also adds that PDF can be assuredly used as the standard method for exchange of dependable and secure electronic information, instead of to be taken as a security threat.
Any one who sends a legit PDF can ensure that the recipient knows that the file is genuine to use and can use a certified document digital signature. The security engineer noted that it would give an extra authenticity to the content and the writer when it is combined with Adobe Acrobat and Reader. However, Lee advised the users to have precautions to protect themselves by exercising cynicism and vigilance while receiving unwanted communications which request user action like opening attachments or any Web addresses.
Related article: PDF flaw gets fixed with Adobe patch
» SPAMfighter News - 29-08-2007