PDF Image Spam Beats Filters

By Greg McNevin

July 10, 2007: The relentless arms race between spammers and security firms rages on, with spammers now using a popular anti-spam technology to punch through filters.

Spammers are now using blurred text embedded in PDFs to outwit filters. Embedding text in PDFs causes immediate problems for scanners, however, by taking the further step of blurring the text the dodgy emails are unable to be read by anything other than human eyes, enabling them to deftly evade modern scanning techniques.

“What's different from earlier image spam is not only that these are PDFs, which adds an extra layer of complexity to the task of filtering out spam, but the text inside is deliberately distorted to make it extra-hard for computers to recognise,” Neil Cook, European technology chief at anti-spam specialist Cloudmark told theregister.co.uk.

“We've been seeing a lot of PDF stock spams for the last 10 days or so, and there was another spike last night. Images are particularly easy for humans to pick up, but particularly hard for computers. These ones are distorted too - it's the same technique that websites use to keep spammers off by making visitors type in distorted text during registration, and now the spammers are using it on us.”

This round of spam is spruiking German penny stocks, one of the oldest tricks in the book. Cloudmark says it is currently blocking this new batch of pump-and-dump PDFs, however, as always it is only a matter of time before the new technique becomes more potent and widespread.

It does make you wonder though, who in this world trusts stock information that is emailed to them, embedded deep within a dodgy pdf, blurred out and from unknown, unsolicited sources?

Comment on this story