PDF Spam Returns with Greater Power
A summertime nuisance, PDF spam that inundated surfers inboxes in August
2007 to soon disappear has returned back with an even worse impact.
According to security researchers working on multiple threats, a huge
number of spam mails with PDF attachments were pushed out in the end week
of October 2007. These attachments infect computers when recipients view
them. This new PDF spam use subject lines related to financial issues,
according to security firms. The e-mails have only the attachment and do
not contain any text.
According to security researchers at F-Secure, a global security vendor,
when a recipient opens the PDF attachment, the file exploits the
CVE-2007-5020 flaw in Internet Explorer 7.0 and Acrobat Reader to download
more malicious software from a Malaysian server. PCWorld published this on
November 1, 2007.
Although PDF-styled spam faded away by September, as fast as it appeared,
security experts are hardly surprised at its comeback. Adobe issued a
security patch on October 22, 2007 to update versions for 8.1 and the
previous ones of Acrobat and Adobe Reader.
According to John Levine, Chief of consulting firm Taughannock Networks,
and Co-chair of the anti-spam Research Group of the Internet Engineering
Task Force, spammers don't spare any vulnerability, which relates to a
quadrillion separate places in Windows. PCWorld published this on November
Levine also believes that this outbreak of PDF spam is the latest form of
the Storm worm. Up to now, the Storm botnet has been used mostly to send
spam mails, which have since grown in volume. The Storm worm originally
sent messages giving news about devastating winter storms in Europe in
F-Secure has expressed concern that PDF attachments are being increasingly
used to stretch Trojan horses and viruses that easily pass through most
firewalls. It seems the malware aims to build a network of bot-infected PCs
so that more malicious activity can be launched.
Chief Research Officer Mikko Hypponen at F-Secure said that the company was
apprehensive about the PDF case, as e-mail gateways typically fail to
filter PDF attachments. While there is blocking of executable files almost
everywhere, there is none for PDF files. Techshout published Hypponen's
statement on October 29, 2007.
Related article: PDF flaw gets fixed with Adobe patch
» SPAMfighter News - 11/22/2007