Thursday, 19 July 2007

FYI - The Rise of PDF Spamming

(Not long now before the final computer thingamajigs arrive so I can get back to DDYT stuff)

Have you started to notice the rise of PDF Spamming?

Isn't life being connected to the Internet like living in "interesting times"? So many exciting 'positives' & benefits from this interconnected way of communicating, & yet so many new hazards to negotiate. Those intent on malicious endeavours have found a powerful medium with which to dramatically expand their sphere of influence with minimal risk of substantive consequences. The costs of their endeavours are borne by us, either directly or indirectly.

Spamming techniques & strategies have evolved over the last decade. Methods for obfuscation; harvesting email addresses; 'hijacking' computers; and content packaging & delivery have become more sophisticated to keep abreast of detection & defensive countermeasures.

Over the last year, image-based spamming (embedding the message in GIF and JPEG files) has been the approach du jour; however, it now appears to be fading in favour of a new method of content packaging. Over the last few months there has been a rapid rise in the use of PDF files for delivering the spam content. In this first generation of PDF content delivery, the PDF is used as a very simple wrapper for existing spam content and is generally just a quick repackaging of the previous image technique: the same picture, now embedded in a PDF. I'm not aware of the PDF format carrying a more sinister payload in this current generation, but be vigilant, as this may change.

My first encounter with this delivery method slipped under my guard. It came in an email identifying itself as an invoice. I am used to receiving invoices in an electronic method (no surprise that businesses choose to deliver it this way as it is significantly cheaper than the traditional hard copy + postage method). Alarm bells did ring but for a different reason. I was fearing credit card abuse.

"Who's been using my credit card?" I muttered, "Damn that Goldilocks - I always thought that bed-napping, porridge-pinching vagabond would come to no good!!"

Existing security software didn't register any threat when I opened the document (and it may be some time before software defensive strategies take account of this new threat & devise appropriate countermeasures). The document did not contain any malicious payload this time, but it now means that there is an additional overhead in dealing with the current threat & the potential dangers that will arise when a more malicious payload is embedded into it.
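As an added illustration (my own code, not from the original post), here is a defender-side triage heuristic for the pattern described above: a PDF attachment that contains images but no text-showing operators is treated as repackaged image spam, which is exactly the shape of the first-generation PDF spam. The e-mail, the PDF and the function names are all constructed for this example.

```python
import re
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample (not a real spam specimen): a minimal, xref-less PDF whose only
# page content is one image drawn full-page and no text operators, i.e. image spam in a PDF.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Resources << /XObject << /Im0 4 0 R >> >> /Contents 5 0 R >> endobj
4 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1 /ColorSpace /DeviceGray /BitsPerComponent 8 /Length 1 >> stream
\x00
endstream endobj
5 0 obj << /Length 30 >> stream
q 612 0 0 792 0 0 cm /Im0 Do Q
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

def build_sample_message() -> bytes:
    """Constructed 'invoice' lure e-mail with the sample PDF attached (base64-encoded by the library)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.invalid", "me@example.invalid", "Your invoice"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(SAMPLE_PDF, maintype="application", subtype="pdf", filename="invoice.pdf")
    return bytes(msg)

def pdf_attachments(raw_message: bytes):
    """Yield (filename, bytes) for each MIME part that is declared or named as a PDF."""
    for part in message_from_bytes(raw_message, policy=policy.default).walk():
        name = part.get_filename() or ""
        if part.get_content_type() == "application/pdf" or name.lower().endswith(".pdf"):
            yield name, part.get_payload(decode=True)

def classify_pdf(data: bytes) -> dict:
    """Heuristic: image XObjects present but no text-showing operators (Tj/TJ) in any
    stream means the 'document' is only a picture; a genuine invoice almost always has text."""
    if not data.startswith(b"%PDF"):
        return {"is_pdf": False, "images": 0, "text_ops": 0, "image_only": False}
    text_ops = 0
    for stream in re.findall(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            stream = zlib.decompress(stream)   # FlateDecode is the usual stream filter
        except zlib.error:
            pass                               # uncompressed or another filter: scan as-is
        text_ops += len(re.findall(rb"(?<![A-Za-z])T[jJ](?![A-Za-z])", stream))
    images = len(re.findall(rb"/Subtype\s*/Image\b", data))
    return {"is_pdf": True, "images": images, "text_ops": text_ops,
            "image_only": images > 0 and text_ops == 0}
```

Running `classify_pdf` over each item from `pdf_attachments(build_sample_message())` flags the attachment as image-only; a text-bearing PDF is not flagged, and anything that lacks the `%PDF` header is reported as not a PDF at all.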

For those interested in knowing more, here are further links:

...
