Pump-and-dump spammers turn to PDFs


Anti-virus researchers at McAfee are reporting a massive wave of "pump-and-dump" stock spam -- with an interesting twist.

Instead of attaching image (.gif) files touting the penny stock, the spammers are now using PDF files with randomly generated subject lines, sender names and blank message bodies.


McAfee's Nick Kelly said the appearance of PDF-based spam makes sense for the spammers because the automation of PDF files is easier than other document formats.


  • Yeah, but it's easy to filter and block

    Since PDF isn't a common format to exchange information via email, the mere existence of a PDF in an email will be a big red flag that anti-spam software can use to tag it as spam. Nice try, though.
    • Are you kidding?

      **Sorry for the double post. This was supposed to be a reply.

      PDF is one of the most common document types in the business world.
      • In combination with other factors

        Nope, not kidding.

        First of all, I dunno what types of businesses use PDF, I usually see DOCs in most places.

        Second of all, spam filters look at several things to determine if it's spam. A blank subject line also indicates spam, and an IP address indicating it originated from outside the company's firewall should be a dead giveaway.
        • We use PDF all the time

          We send our customers reports in PDF format, almost exclusively. PDF is wonderful for reports since it allows the report to print out exactly as we intended it to look, graphics, horizontal rules, and all.
          • All legal documents are also sent as pdf files

          • And in all the years

            since the PDF format was created I have only known 1 person who liked it, and none of us liked him, so it seemed fitting.
          • I must be missing something

            I never get spam.
            tracy anne
          • court system

            Documentation for any case filed in federal court has to be submitted in PDF format
        • You should be kidding. Because you apparently are out in left field.

          PDFs are used in many businesses, some very frequently. Sure, docs may outnumber PDFs, but so many PDFs do get used in the business world that it would be bound to be sufficient to do whatever the spammers are shooting for.
          • Did I forget to mention other factors?

            Did I forget to mention that PDF is only one factor, and that a good anti-spam solution would check for other stuff, like the empty body and the IP address of the sender?
    • Flag a standard format?

      That's what we use here at work for documentation, and they fly around quite freely. I think PDFs need to be cracked before evaluation. If it's only an image, flag it. If it has a high ratio of positioning commands to text, flag it. Apply normal rules to any text.
    • PDF is normally what I accept

      What am I supposed to accept? MS Word? XLS?

      I already received one of these and can't stand the thought of getting more. As long as the documents are text searchable, then the spam filter will have to work harder to filter them, but if not, then many of the filters are hosed or a new format has to be drafted.
      • Something wrong with the regular plain text or HTML email formats?

        Usually plain text and HTML are the de facto standard for emails, and are searchable by spam filters. I don't see what's wrong with using the email clients' own built-in formats.

        In addition, see my other post above - other factors, such as a blank body and an IP address from outside the company firewall, can also be used to determine if an email is ham or spam.
        • Beyond HTML or Plain Text

          The most common attachment that I get would be PDF. Mostly this is because of some tools used for generating quotes or because someone used a scanner to generate the file.

          PDF just makes sense.
        • Uh yeah, if you're a designer...

          The only format we use for sending and receiving proofs is via PDF, in fact that's the way it's been for years and years at most places since the advent of PDF.
          Kid Icarus-21097050858087920245213802267493
    • PDF files are frequently used by business...

      to exchange information as attachments to email. Setting up filters to block all mail with attached .PDF files will certainly stop the spammers, but it will also block a lot of legitimate mail as well, and NO business wants that to happen. What is the point of spammers using pdf files if it was going to be a great big red flag as you suggested? The fact that spammers are using this format indicates that pdf attachments are a good way to get past filtering software, and that this will pose a big problem to anti-spam filtering.

      Many businesses have taken up using email to their customers to promote specials, etc, and they are using pdf, instead of office docs, because of the ability to ensure that the layout stays the same, and it doesn't matter what OS you are using, because PDFs can be read by all of them. That was the whole idea behind the format in the first place. These days you don't even need Adobe Acrobat to generate the files. All you need to read them is Adobe Reader, which is free, and only takes minutes to install. It's not as if the reader is not going to be used, is it?

      My wife and I both receive email with notices of specials that we have previously requested, and they are all in pdf files. If businesses switch to another format, the spammers will follow them.
    • Blocking PDF...not an option.

      PDFs are very common actually. As a business we receive PDF attachments from customers quite often so blocking the emails is not an option.
  • Are you kidding?

    PDF is one of the most common document types in the business world.
  • it still has to be opened

    It is still an attachment that has to be opened and so the same spam rules apply; random subject line, unknown sender w attachment.. delete that crap.
    MIS Master
    • It can be a link, too.

      Neither the attachment nor the link, it'll still be deleted within my tracks. So I have no need for spam filters, except when I get a lot of junk, which get sent to my junk mail when I have my spam filter in Windows Live Hotmail set to exclusive.
      Grayson Peddie
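
The check proposed in the "Flag a standard format?" comment above (open the PDF, flag image-only files, flag a high ratio of positioning commands to text), sketched as an added Python example that is not part of the article or the discussion. The regexes, function names, the 0.5 threshold and the three sample documents are assumptions constructed for illustration; hex strings and filters other than FlateDecode are not handled.

```python
import re
import zlib

# One stream object: dictionary text (never crossing "endobj"), then the stream body.
STREAM_RE = re.compile(
    rb"\bobj\b((?:(?!endobj).)*?)stream\r?\n(.*?)\r?\nendstream", re.S)
STRING_RE = re.compile(rb"\((?:\\.|[^\\()])*\)")  # literal strings only, not <hex>
SHOW_RE = re.compile(rb"(\((?:\\.|[^\\()])*\)|\[[^\]]*\])\s*(?:Tj|TJ)\b")
MOVE_RE = re.compile(rb"(?<![A-Za-z*])(?:Td|TD|Tm|T\*)(?![A-Za-z*])")

def pdf_features(pdf: bytes) -> dict:
    """Count image XObjects, shown text characters and text-positioning operators."""
    feats = {"images": 0, "text_chars": 0, "moves": 0}
    for header, body in STREAM_RE.findall(pdf):
        if re.search(rb"/Subtype\s*/Image\b", header):
            feats["images"] += 1
            continue
        if b"/FlateDecode" in header:
            try:
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                continue  # undecodable stream: skip it rather than guess
        for show in SHOW_RE.finditer(body):
            feats["text_chars"] += sum(
                len(s) - 2 for s in STRING_RE.findall(show.group(1)))
        feats["moves"] += len(MOVE_RE.findall(body))
    return feats

def pdf_spam_flags(pdf: bytes, max_moves_per_char: float = 0.5) -> list:
    """Return the attachment-level flags; the threshold is an assumed value."""
    f = pdf_features(pdf)
    if f["images"] and not f["text_chars"]:
        return ["image-only"]
    if f["text_chars"] and f["moves"] / f["text_chars"] > max_moves_per_char:
        return ["positioning-heavy"]
    return []

def make_obj(num: int, header: bytes, content: bytes) -> bytes:
    body = zlib.compress(content)  # every constructed stream is Flate-compressed
    return (b"%d 0 obj\n<< %s /Filter /FlateDecode /Length %d >>\n"
            b"stream\n%s\nendstream\nendobj\n" % (num, header, len(body), body))

# Constructed samples (not real mail): image-only page, per-glyph text, plain report.
IMAGE_ONLY = make_obj(1, b"/Subtype /Image /Width 1 /Height 1", b"\x00") + make_obj(
    2, b"", b"q 200 0 0 100 0 0 cm /Im1 Do Q")
SCATTERED = make_obj(1, b"", b"BT /F1 9 Tf " + b"".join(
    b"1 0 0 1 %d 700 Tm (%s) Tj " % (72 + 6 * i, bytes([c]))
    for i, c in enumerate(b"BUYNOW")) + b"ET")
REPORT = make_obj(1, b"", b"BT /F1 11 Tf 72 720 Td (Quarterly report for "
    b"customer account 1042) Tj 0 -14 Td (Totals are on the next page.) Tj ET")
```

These flags are one input among several: as other commenters note, a filter would combine them with message-level signals such as a blank body or the sender's IP address, and any text recovered from the PDF would go through the normal text rules.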