Blocking New Kinds of Spam: Check Content not File Types

The recent drop in image spam and the increase in PDF spam are no surprise. Once detection rates improve beyond a certain point, it's worth the time and effort for spammers to find another tactic. It also means we're not done with spam once we get better at detecting PDF spam. The SecuriTeam Blog is reporting DOC spam now.

It's hard to know what percentage of spam is now coming through as PDFs. Here are some widely varying statistics on PDF spam from SecurityFocus:

While security firms agreed that PDF files started regularly appearing as spam attachment about mid-June, estimates for the volume of PDF spam varied somewhat between companies. MessageLabs, which filters out virus-laden and spam e-mail messages for its clients, estimated that about 30 percent of all spam now uses PDF files. Security firm McAfee had a more modest estimate that 2.6 percent of all junk e-mail messages carried PDF files. While Symantec, the owner of SecurityFocus, has found the fraction varies between 2 and 7 percent.

The volume of PDF spam will fluctuate, and other document types will be used. The problem is that shortcut measures, like allowing all PDF files through but blocking image files, will no longer work. It's the content, not the file type, that needs to be analyzed.
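
To make the difference concrete, here is an added example (not code from this post or from any product it mentions) that runs a file-type shortcut and a content check over the same constructed message. The keyword weights, the threshold, the function names and the one-line uncompressed PDF-like attachment are all assumptions chosen for illustration; a production filter would use a full text extractor, OCR and a trained classifier.

```python
import re
from email.message import EmailMessage

# Constructed keyword weights (assumption); a real filter uses a trained model.
SPAM_TERMS = {"buy now": 3, "guaranteed": 2, "stock": 2}
# The shortcut policy: decide on attachment type alone.
BLOCKED_TYPES = {"image/gif", "image/jpeg", "image/png"}

def pdf_text(data: bytes) -> str:
    """Collect literal strings drawn with the Tj operator. Handles only
    uncompressed content streams, which is enough for the constructed sample."""
    found = re.findall(rb"\(([^)]*)\)\s*Tj", data)
    return " ".join(s.decode("latin-1") for s in found)

# One text extractor per content type; new document types get a new entry.
EXTRACTORS = {
    "text/plain": lambda data: data.decode("utf-8", "replace"),
    "application/pdf": pdf_text,
}

def verdict_by_type(msg: EmailMessage) -> str:
    types = {part.get_content_type() for part in msg.iter_attachments()}
    return "block" if types & BLOCKED_TYPES else "allow"

def content_score(msg: EmailMessage) -> int:
    score = 0
    for part in msg.walk():
        extract = EXTRACTORS.get(part.get_content_type())
        if extract is None:  # container part or a type with no extractor yet
            continue
        text = extract(part.get_payload(decode=True)).lower()
        score += sum(w for term, w in SPAM_TERMS.items() if term in text)
    return score

def verdict_by_content(msg: EmailMessage, threshold: int = 4) -> str:
    return "block" if content_score(msg) >= threshold else "allow"

def sample_message(pdf_line: str) -> EmailMessage:
    """Constructed message: short body plus a one-line, uncompressed PDF."""
    msg = EmailMessage()
    msg.set_content("Please see the attached document.")
    stream = f"BT /F1 12 Tf ({pdf_line}) Tj ET".encode("latin-1")
    pdf = b"%PDF-1.4\nstream\n" + stream + b"\nendstream\n%%EOF\n"
    msg.add_attachment(pdf, maintype="application", subtype="pdf",
                       filename="report.pdf")
    return msg

if __name__ == "__main__":
    spam = sample_message("Buy now: guaranteed stock gains")
    print(verdict_by_type(spam), verdict_by_content(spam))
```

The type-based policy lets the message through because the attachment is a PDF, while the content check blocks it on the extracted text; handling a new document type means adding an extractor, not another file-type rule.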

Comments

Check out a module I wrote called “PDFassassin” which is a plugin for SpamAssassin.

This can scan emails for PDF attachments, uses the pdftotext utility to extract the text for Spam messages, and also extracts images and uses OCR to pin-point Spam messages embedded in pictures.

This plugin can really help prevent the wave of PDF spam messages from hitting your mbox.

Details at:

http://blog.atmail.com/?p=61

The arms race continues!

This could be helpful but now we have to deal with image spam (including 3D images) and other forms of document spam.

I'm afraid spammers will keep changing tactics as fast as we can train filters with new detection patterns.

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net