[LINK] the state of malware (including pdf stock spam)

Scott Howard scott at doc.net.au
Tue Jul 10 10:44:04 AEST 2007


On Tue, Jul 10, 2007 at 09:54:50AM +1000, Craig Sanders wrote:
> 
> speaking of spam, has anyone else noticed a significant increase in spam
> volume since about the middle of last week?

Yes, it's occurring globally.

There are 2 main drivers. The first is PDF spam. After a single 5.2 billion
message attack in Europe a few weeks ago the amount of PDF spam is
increasing - we're seeing much the same pickup as we saw with image spam
a few years ago.  For the most part these have been stock spam, but
there's even a few pharmaceutical ones coming through now.

The second is a huge greeting card spam that's been going on for a few
weeks, but increased significantly around the 4th of July holiday in the
US, with some subjects specific to the holiday.  The single purpose of
this spam is to install malware, with the payload almost always being a
URL to a .exe download (frequently but not always postcard.exe).

The real issue with the PDF spam is that they have the potential to be
_big_, which can suck real bandwidth.  The European one was slightly
over the 100k mark, which is around 6-7 times the normal spam size.
The only way spammers can send large volumes of such large messages is
through huge bot networks - guess why we're seeing an increase in
malware spam!

  Scott


