SPAM containing PDF document

Discussion in 'Computer Support' started by Jack B. Pollack, Jul 1, 2007.

  1. The past few days I have been receiving a lot of SPAM messages with attached
    PDFs. I haven't opened the PDFs, but am curious if the PDFs just contain
    some kind of add for say Viagra, or is there some exploit that is being
    introduced through the file.

    Anyone know.

    Thanks
    Jack B. Pollack, Jul 1, 2007
    #1
    1. Advertising

  2. Jack B. Pollack

    Mike Easter Guest

    Jack B. Pollack wrote:
    > The past few days I have been receiving a lot of SPAM messages with
    > attached PDFs. I haven't opened the PDFs, but am curious if the PDFs
    > just contain some kind of add for say Viagra, or is there some
    > exploit that is being introduced through the file.


    How would we know what is in your spam?

    As a general rule, I recommend against opening spam to find out what it
    contains, for various reasons. Typically it is not necessary to open a
    spam to determine that it is spam, and the item can be deleted or
    reported without opening it by simply inspecting its complete headers.

    That being said, advanced spamfighters often research the content or
    'composition' of a spam or the content of the spamvertised site or chase
    down the redirectors of spamvertised sites for purposes of determining
    which spamgangs are working in which way or which website providers are
    providing for which gangs.

    That being said, if you are going to turn into an advanced spamfighter
    instead of merely a curious spammee, then you are going to have to find
    ways to open your own spam to determine what it contains, because when
    you post here, we don't know what the content of your spam is.

    If I want to go to the ng where spam is posted,
    news.admin.net-abuse.sightings and isolate some recent spam which was
    sent with a .pdf attachment, I can do that. If I want to decode the b64
    attachment to derive the attached .pdf then I can do that too. If I
    want to use a .pdf reader to read the content of the .pdf to see what
    was being spamvertised, then I could do that too.

    If I did all of that, I still wouldn't know what the content of your
    spam's .pdf is, would I?

    The recent discussion in nanae^1 sez that it is just another rendition
    of stockspam.

    ^1 http://snipr.com/1nqlx
    From: Kevin Wayne Williams
    Newsgroups: news.admin.net-abuse.email
    Subject: This recent burst of PDF formatted spam
    Date: Sat, 30 Jun 2007 10:41:28 -0400



    --
    Mike Easter
    Mike Easter, Jul 1, 2007
    #2
    1. Advertising

  3. Jack B. Pollack

    Daave Guest

    Jack B. Pollack wrote:
    > The past few days I have been receiving a lot of SPAM messages with
    > attached PDFs. I haven't opened the PDFs, but am curious if the PDFs
    > just contain some kind of add for say Viagra, or is there some
    > exploit that is being introduced through the file.


    That's a new one.

    I know that spam e-mails often contain images so there isn't any text
    that might alert a spam filter, but I've never heard of spam containing
    a .pdf attachment.

    Are you really just curious to know what is occurring, are you concerned
    that you might be open to malware infection?

    If the latter and if you would like to assure a safer e-mail experience,
    either move to a more secure client (like Thunderbird) or make sure your
    OE is configured safely:

    http://www.people.cornell.edu/pages/drb1/Windows/OutLookExpress/OutLookExpress.htm
    Daave, Jul 1, 2007
    #3
  4. Jack B. Pollack

    ded Guest

    "Jack B. Pollack" <> wrote in message
    news:4687a65c$0$8039$...
    > The past few days I have been receiving a lot of SPAM messages with
    > attached
    > PDFs. I haven't opened the PDFs, but am curious if the PDFs just contain
    > some kind of add for say Viagra, or is there some exploit that is being
    > introduced through the file.
    >
    > Anyone know.
    >
    > Thanks
    >
    >


    I got some of those as well, the invest/stock market type crap.
    Spammers tried as jpegs but filters sussed that ruse, now they
    are PDF, and it gets through the filters...for now.
    You're with roadrunner, they would have scanned PDF attachments,
    all it is, yet another ruse to get past spam filters.
    ded, Jul 1, 2007
    #4
  5. Jack B. Pollack

    Evan Platt Guest

    On Sun, 1 Jul 2007 09:04:29 -0400, "Jack B. Pollack" <>
    wrote:

    >The past few days I have been receiving a lot of SPAM messages with attached
    >PDFs. I haven't opened the PDFs, but am curious if the PDFs just contain
    >some kind of add for say Viagra, or is there some exploit that is being
    >introduced through the file.


    For the most part, they're just 'text' containing spam. Blurred
    background to attempt to get past the OCR scanners.
    --
    To reply via e-mail, remove The Obvious from my e-mail address.
    Evan Platt, Jul 1, 2007
    #5
  6. Daave wrote:

    > Jack B. Pollack wrote:
    >> The past few days I have been receiving a lot of SPAM messages with
    >> attached PDFs. I haven't opened the PDFs, but am curious if the PDFs
    >> just contain some kind of add for say Viagra, or is there some
    >> exploit that is being introduced through the file.

    >
    > That's a new one.


    Earlier this year.

    > I know that spam e-mails often contain images so there isn't any text
    > that might alert a spam filter, but I've never heard of spam
    > containing a .pdf attachment.


    Spammers and their other criminal friends will try anything, right?

    > Are you really just curious to know what is occurring, are you
    > concerned that you might be open to malware infection?
    >
    > If the latter and if you would like to assure a safer e-mail
    > experience, either move to a more secure client (like Thunderbird) or
    > make sure your OE is configured safely:


    Wise choice. Further, one could also dump the Adobe reader which is
    known for being exploitable,
    http://blog.wired.com/monkeybites/2007/01/serious_flaw_fo.html

    ...and use a far-less bloated PDF-reading application such as the free
    FoxItReader. It is a 1.7MB download, as opposed to the ~20MB Adobe
    reader.
    http://foxitsoftware.com/pdf/rd_intro.php

    --
    -bts
    -Motorcycles defy gravity; cars just suck
    Beauregard T. Shagnasty, Jul 1, 2007
    #6
  7. Jack B. Pollack

    Daave Guest

    Beauregard T. Shagnasty wrote:
    > Daave wrote:
    >
    >> Jack B. Pollack wrote:
    >>> The past few days I have been receiving a lot of SPAM messages with
    >>> attached PDFs. I haven't opened the PDFs, but am curious if the PDFs
    >>> just contain some kind of add for say Viagra, or is there some
    >>> exploit that is being introduced through the file.

    >>
    >> That's a new one.

    >
    > Earlier this year.
    >
    >> I know that spam e-mails often contain images so there isn't any text
    >> that might alert a spam filter, but I've never heard of spam
    >> containing a .pdf attachment.

    >
    > Spammers and their other criminal friends will try anything, right?


    I guess it shouldn't surprise me; I just thought that there might be a
    disincentive to send that much data per e-mail. Then again, I suppose
    that's not the spammers problem, especially if a botnet is involved.
    Daave, Jul 1, 2007
    #7
  8. Thanks all

    "Jack B. Pollack" <> wrote in message
    news:4687a65c$0$8039$...
    > The past few days I have been receiving a lot of SPAM messages with

    attached
    > PDFs. I haven't opened the PDFs, but am curious if the PDFs just contain
    > some kind of add for say Viagra, or is there some exploit that is being
    > introduced through the file.
    >
    > Anyone know.
    >
    > Thanks
    >
    >
    Jack B. Pollack, Jul 1, 2007
    #8
  9. Daave wrote:

    > Beauregard T. Shagnasty wrote:
    >> Spammers and their other criminal friends will try anything, right?

    >
    > I guess it shouldn't surprise me; I just thought that there might be
    > a disincentive to send that much data per e-mail. Then again, I
    > suppose that's not the spammers problem, especially if a botnet is
    > involved.


    Heh, what does a spammer care about how many bytes he sends; he is not
    paying for the bandwidth. We are.

    --
    -bts
    -Motorcycles defy gravity; cars just suck
    Beauregard T. Shagnasty, Jul 1, 2007
    #9
  10. Jack B. Pollack

    Plato Guest

    Jack B. Pollack wrote:
    >
    > The past few days I have been receiving a lot of SPAM messages with attached
    > PDFs. I haven't opened the PDFs, but am curious if the PDFs just contain
    > some kind of add for say Viagra, or is there some exploit that is being
    > introduced through the file.


    Dont even read the spam, just hit Deltete Key.

    --
    http://www.bootdisk.com/
    Plato, Jul 3, 2007
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. SP
    Replies:
    13
    Views:
    763
    TechGeekPro
    Dec 9, 2005
  2. Chayanne
    Replies:
    3
    Views:
    873
    fazal.shaikh
    Jul 3, 2007
  3. David H. Lipman
    Replies:
    0
    Views:
    448
    David H. Lipman
    Nov 16, 2003
  4. Replies:
    2
    Views:
    485
  5. Replies:
    0
    Views:
    470
Loading...

Share This Page