Menu
Here's why .pdf spam went pffft

Here's why .pdf spam went pffft

Expert explains why .pdf spam seems to have disappeared so soon after becoming a staple of junk e-mail.

It's no secret that spammers have informal communications channels and freely share tricks of the trade on the Internet. But what happened in August is enough to make you suspect they have an organized trade union -- or even a government -- that allows what would otherwise be a scattered collection of freelance vermin to operate in surprising unison.

We're talking about the meteoric rise and fall of .pdf spam.

According to a monthly report from Symantec that landed here last week, .pdf spam was accounting for 20 percent of all junk e-mail in early August but by month's end had dissipated to less than 1 percent. Other spam watchers reported similar plummets.

Maybe there's some kind of SpamWorld newsletter that provides monthly marching orders and the word went forth on .pdf to cut it the heck out. Unlikely, yes.

So I asked Symantec's public relations department to ask one of the company's experts to explain what might account for such a sudden abandonment of what had become a suddenly popular tactic. Here's what I got back from Doug Bowers, Symantec's senior director of anti-abuse engineering:

"PDF spam burst onto the scene in Mid-June because spammers thought they could use it to get their message through (primarily stock pump-and-dump scams) and make a buck.

"It's dropped off quickly for one of two reasons: 1) Spammers are recalibrating their attacks and will relaunch after making adjustments; 2) spammers have become convinced that antispam systems are blocking this type of attack effectively enough that their time is better spent on alternative approaches. This could be cooking up a new type of attachment-based spam -- using MS Word, Flash video, etc. -- or coming up with a new approach entirely.

"My expectation is that we haven't seen the last of this type of attack just yet."

Makes sense. But I still like my newsletter theory.

Feds kill never-used, US$42M data-mining project

Have any of you pulled the plug on any US$42 million, never-operational IT projects recently? ... Didn't think so.

What about invasion of privacy travesties? ... No there, too? Good work, even though it looked like a couple of you flinched on that one.

I ask because the Department of Homeland Security last week copped to doing both.


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments