Report: Image spam drops as PDF stock spam rises

News by Frank Washkuch Jr.

Levels of image spam dropped again in June, but researchers also saw increased use of PDF spam.

Levels of image spam dropped again in June, but researchers also saw increased use of PDF spam.

Image spam, which accounted for nearly 52 per cent of junk email messages in January, declined to an average of 14.5 per cent of all spam during June, according to Symantec’s latest report. Image spam had accounted for 27 per cent and 37 per cent of all spam during April and March, respectively.

Symantec researchers discovered two forms of image spam that use attached PDF files to hide their messages.

One type carries a PDF file disguised as a legitimate stock newsletter. However, unlike traditional spam, the messages do not contain distortions, according to Symantec.

The other variant contained a PDF attachment with a stock spam image, similar to prior image spam messages used in pump-and-dump scams.

Doug Bowers, senior director of anti-spam engineering at Symantec, told today that PDF spam is just the latest way scammers have found to use images to their advantage.

"I think that (image spam) has been a rising trend for more than three or four months now. We’ve been tracking it for over a year now, and over time, anti-spam technologies have gotten better at filtering it," he said. "PDF spam is the same wolf in sheep’s clothing. It’s another attempt to get around filters by obfuscating in a different way."

General spam levels were steady throughout June, accounting for about 65 per cent of all junk mail.

Researcher Kelly Conley said today on the Symantec Security Response Weblog that the large PDF attachments are most often used in pump-and-dump scams.

"We have seen a few different variants of this type of spam type thus far," Conley said. "The first one is the newsletter variant, in which a PDF attachment is made to resemble a legitimate newsletter. The second variant is one in which the PDF attachment resembles the more familiar images of a pump-and-dump stock operation. The most prevalent type of PDF spam that was detected in the month of June was pump-and-dump stock spam. Once open, the PDF file displays an image of a stock symbol and some text indicating it’s the one to buy. The image has many of the same obfuscation techniques seen in past pump-and-dump stock spam: color variations, font variations and pixilation."

Scam and fraud emails jumped from nine percent of all spam in March to 14 per cent in June, according to the report.

The Califonia-based company revealed that 32 million end-users were also targeted by a "free money" scam advertising no-hassle loan give-aways for businesses.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop