PDF spammers have started varying attachments to fool spam filters, security vendor MessageLabs has warned.After appearing only a few months ago, the PDF phenomenon accounts for 20 percent of the image spam passing through the managed service provider’s network, the company said. In the last fortnight, however, new types of modified PDF spam had started appearing.Spam filters have now adapted, turning PDFs from a document and attachment type automatically trusted into one that is now being filtered by antispam engines, causing the spammers to send out new, altered types of PDF. Techniques include altering the rendering size of PDFs, introducing pixel changes to make PDF blocking using signatures impossible, and adding random text within PDFs.PDFs are also turning up with security features such as encryption turned on, another feature that makes it hard to scan within a document to single out spam from genuine PDFs. The overall aim is to generate so many unique PDFs that antispam engines would be overwhelmed. “This is almost certainly being automated by bots,” said Mark Sunner of MessageLabs. “It will eventually be used in conjunction with social engineering techniques,” he added, referring to targeted PDF attacks where real people are sent documents from known contacts.According to Sunner, the advantage of a managed service company such as MessageLabs is the ability to detect rogue PDFs by analyzing information such as IP source. A corporate gateway would not be able to do this because only the ISP itself would be able to see this information with any degree of reliability. “Where the PDF is coming from can also indicate a problem,” he said. In recent times, third-party systems for verifying the senders and contents of PDF documents have started to appear, including one from Geotrust that takes advantage of Adobe’s Livecycle Document Security server.— John E. Dunn, Techworld.com Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe