PDF Spam Strikes Back
Today's wave is relatively small (less than 0.5% of spam volume) in comparison with the penetration that we saw back in mid-2007, but PDF spam has been almost completely non-existent since it waned back in late August.
Below is some information related to this latest threat:
-- Subject lines look like poorly translated pill/enhancement advertisements. Some example subjects include "Just out pills, read an email" and "Never-seen pills, overwhelmingly important statement".
-- Message bodies are short pill-based advertisements (the original PDF spam had empty message bodies). Most are similar to this example:
Hello,
Very Inexpensive Ph0ramcy for low price. pay attention to the attachment PDF file.
See you!
-- Attachment names also follow this same theme. Attachment names like pill.pdf, pills.pdf, medicine.pdf, and drug.pdf have been seen by our systems.
The actual PDF attachment is a one-page, text-based PDF. Its first 3 lines contain an additional advertisement, such as:
Best Offer of Pharmacy Products here: We are waiting for you here: http://PowerMadXmas.com Low Prices, Fast Delivery, and Discreet Package.
(URL above is random)
The next three-quarters of the page contains random word salad unrelated to the actual pill spam. The bottom of the PDF contains text similar to what was found in the message body.
Whether this is a small blip on the radar or a sign that spammers are looking to get back into PDF spam on a wide scale (not likely) remains to be seen. With PDF spam volumes having been near zero for the past 5 months, though, this is certainly an interesting development in a tactic that had gone completely dormant.
*** UPDATE 1 1/24/2008 4:20pm MST ***
We have some more PDF spam subject lines:
-- Best offer of pharmacy products
-- Enjoy the newest medication
-- Get the freshest drugs
-- Enjoy the newest remedies
-- Weighty pharmacy offer
-- Major importance medications offer
These are only some of what we have seen, but the prevailing theme remains constant: more pill and drug spam.
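As an added example (not code from the original post or from the filters it describes), the Python below checks a raw message for the traits listed in this post: a pill-themed subject, a PDF attachment with one of the observed names, and a short body that points at the PDF. The function names, trait labels and the 300-character body cutoff are assumptions of this example, and the sample message is constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators come from the post; the body-length cutoff is an assumption.
ATTACHMENT_NAMES = {"pill.pdf", "pills.pdf", "medicine.pdf", "drug.pdf"}
SUBJECT_WORDS = re.compile(
    r"\b(pills?|pharmacy|medications?|drugs?|remedies)\b", re.I)
MAX_BODY_CHARS = 300  # assumed limit for a "short" message body


def pdf_spam_traits(raw):
    """Return the names of the traits from the post that a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits = []
    if SUBJECT_WORDS.search(str(msg.get("Subject", ""))):
        traits.append("subject")
    pdfs = [part for part in msg.iter_attachments()
            if part.get_content_type() == "application/pdf"]
    names = {(part.get_filename() or "").lower() for part in pdfs}
    if names & ATTACHMENT_NAMES:
        traits.append("attachment_name")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body is not None else ""
    # The original 2007 wave had empty bodies; this wave has a short teaser
    # that points the reader at the PDF.
    if pdfs and 0 < len(text) <= MAX_BODY_CHARS and re.search(r"\bpdf\b", text, re.I):
        traits.append("short_body_points_to_pdf")
    return traits


def build_sample(subject, body, filename=None):
    """Build a constructed test message; the PDF bytes are a stub."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if filename:
        msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                           subtype="pdf", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    spam = build_sample(
        "Just out pills, read an email",
        "Hello,\nVery Inexpensive Ph0ramcy for low price. "
        "pay attention to the attachment PDF file.\nSee you!",
        "pills.pdf")
    print(pdf_spam_traits(spam))
```

A message matching all three traits is a strong candidate for this wave, while a single trait such as a pharmacy word in the subject is common in legitimate mail and should not be acted on alone.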
