Are spammers trying their hand at PDF spam again? Symantec hasobserved a small comeback of PDF spam in the early days of October. PDFspam volume was observed at about zero percent at the end of Septemberand is currently at around two percent.
In recent days we’ve seen the emergence of one PDF pump-and-dumpstock attack of which we have seen over 20,000 messages. This attackconsists of highly randomized headers and body. The body contains thetext for the stock being promoted followed by randomized text in the‘Shakespeare’ technique of spamming. This technique is when a spammertakes blocks of texts from existing works and inserts them into thespam message in attempt to avoid anti-spam filters. A sample of thepump-and-dump stock portion of the message follows:
Fearless International (FRLE) $0.19
Fearless International Inc., a luxury performance boat manufacturer,
has been the focus of the media for the last several months in magazine
such as GQ, Time, Bloomberg Markets, Maxim, and over 20 others.
PDF spam was widely observed in June, reached a peak in early Augustand then began a decline through September where by the end it wasbarely a blip on the radar. Now, in the early days of October, we areclosely monitoring this small revival of PDF spam that is currentlybeing observed.