Addressing recent increase in PDF SPAM
As you may have noticed over the last few days, there has been a huge increase in PDF SPAM. This spam is generally identified as a single message, with attached PDF containing JPEG image SPAM. This pattern easilly bypasses most appliances that have no ability to handle the processing power needed to decode images, much less those encoded inside a PDF file. Not that we’re gloating, but there are only 24 hours in a day and its not enough to talk about how different ExchangeDefender behavior is compared to RandomSpamApplianceFromTaiwan.
At the moment, there are also several unique characteristics to these images:
- they are all 7bit encoded.
- they all use a single useragent associated with the Mozilla Thurderbird mail software.
- they are all blank messages with no text in the body.
- the attachment matches the filename mentioned in the subject.
- pdf file is a legitimate PDF file with no publishing information except for a single JPEG
Based on all that its relatively trivial to trap these messages, however, we expect the pattern to continue and to escalate into making these messages seem more legitimate. While these PDFs are not dangerous in nature they can be annoying and your users should be warned to never open any attachments from contacts they do not trust/know.
As always, thank you for your business and we’ll keep your mail clean for you.