Malicious spam on the rise, PDF spam RIP

During August 2007 Sophos identified a series of large-scale malware attacks made via spam email, with weblinks inserted into spam messages that directed recipients to malicious websites designed to infect their PCs. One such campaign involved eCard spam, with an estimated nine million malicious eCard messages being sent out within a 48-hour period. Users that visited the link contained in the message would not receive an eCard, but would find their PC infected by the JSEcard Trojan horse, thus exposing it to further threats.

Similar campaigns were launched that offered pictures of nude celebrities, YouTube movies, and pop music videos, providing recipients clicked on the malicious link enclosed.

Having been first identified in June 2007, August saw a dramatic rise in the amount of PDF spam being relayed, only for it to tail away in similarly dramatic fashion shortly after. In early August, SophosLabs identified a new spam message with an attached PDF file, urging internet users to purchase shares in a company called Prime Time Group Inc. The spike in spam was so significant that it resulted in the amount of spam seen by Sophos’s global traps rising by 30 percent in 24 hours.

However, just weeks later, levels of PDF spam had dropped to virtually zero – evidence that the new tactic had failed in its attempts to encourage investment. Sophos experts note that PDF spam is not an immediate way of communicating with an audience, particularly when compared to a marketing message within an email client’s preview pane, which may account for why it did not resonate with recipients.