why all the .pdf e-mails?

  • Thread starter Thread starter Steve T
  • Start date Start date
S

Steve T

Just a general question for the group regarding spam/viruses. Is it just me
or is there a sudden massive increase in .pdf file attachments in everybody
else's e-mails too? I run Mailwasher Pro so I delete these at the server
before they get to me. Is there some kind of virus or something circulating
out there in the guise of a .pdf file? I probably get about 30 a week.
Thanks, Steve T.
 
Steve T wrote:

> Just a general question for the group regarding spam/viruses. Is it just me
> or is there a sudden massive increase in .pdf file attachments in everybody
> else's e-mails too? I run Mailwasher Pro so I delete these at the server
> before they get to me. Is there some kind of virus or something circulating
> out there in the guise of a .pdf file? I probably get about 30 a week.
> Thanks, Steve T.
>
>

Don't know and don'care. But remember the basic rule of managing e-mails:
Do not open any that is questionable. And yes, these *.pdf e-mails have
become quite prevalent.
 
Steve T wrote:
> Just a general question for the group regarding spam/viruses. Is it
> just me or is there a sudden massive increase in .pdf file
> attachments in everybody else's e-mails too? I run Mailwasher Pro
> so I delete these at the server before they get to me. Is there
> some kind of virus or something circulating out there in the guise
> of a .pdf file? I probably get about 30 a week. Thanks, Steve T.

Spammers are pumping out junk in the form of PDF attachments as of late.
These are 'harmless'(in a system security sense) in the fact that they are
what are known as 'pump and dump' scams - or...

1. Scammers buy worthless stock at a very low price
2. Fake email is sent to millions of people, claiming the stock is projected
to move
3. People buy into the scam, and thus buy the stock, thereby raising the
price
4. The scammers sell off their holdings for a hefty profit
5. The victims are left holding worthless stock

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
On Mon, 9 Jul 2007 17:55:51 -0700, "Steve T"
<stumas@NOBINGOcharter.net> wrote:

> Just a general question for the group regarding spam/viruses. Is it just me
> or is there a sudden massive increase in .pdf file attachments in everybody
> else's e-mails too? I run Mailwasher Pro so I delete these at the server
> before they get to me. Is there some kind of virus or something circulating
> out there in the guise of a .pdf file? I probably get about 30 a week.


Yes, there's been a recent big increase in such spam. Just ignore it,
as you should all spam, and do *not* open the attachments.

I'm not sure whether the attachments are infected, but I have no
interest in finding out, and won't open them. I never open
attachments at all, except from a *very* few trusted sources, and then
only when I'm expecting them.

--
Ken Blake, Microsoft MVP Windows - Shell/User
Please Reply to the Newsgroup
 
Shenan Stanley <newshelper@gmail.com> wrote:
> Steve T wrote:
>> Just a general question for the group regarding spam/viruses. Is it
>> just me or is there a sudden massive increase in .pdf file
>> attachments in everybody else's e-mails too? I run Mailwasher Pro
>> so I delete these at the server before they get to me. Is there
>> some kind of virus or something circulating out there in the guise
>> of a .pdf file? I probably get about 30 a week. Thanks, Steve T.
>
> Spammers are pumping out junk in the form of PDF attachments as of late.
> These are 'harmless'(in a system security sense) in the fact that they are
> what are known as 'pump and dump' scams - or...
>
> 1. Scammers buy worthless stock at a very low price
> 2. Fake email is sent to millions of people, claiming the stock is
> projected to move
> 3. People buy into the scam, and thus buy the stock, thereby raising the
> price
> 4. The scammers sell off their holdings for a hefty profit
> 5. The victims are left holding worthless stock
>
> --
> Shenan Stanley
> MS-MVP

Exactly... I see about 3 -5 of those PDF ones in my junk box daily. Since
I've been known to share the wealth - I usually forward these "stock tips "
to my enemies weekly... in bulk. 8D
 
That is exactly how my a/v / spyware s/w works. 99% of these emails
containing .pdf go right into spam folder. Any that are missed I just
delete. I delete anythng I don't recognize.


"Ken Blake, MVP" <kblake@this.is.am.invalid.domain> wrote in message
news:n8o593hpgnht2qidfkdjir9tp1flkkrofh@4ax.com...
> On Mon, 9 Jul 2007 17:55:51 -0700, "Steve T"
> <stumas@NOBINGOcharter.net> wrote:
>
>> Just a general question for the group regarding spam/viruses. Is it just
>> me
>> or is there a sudden massive increase in .pdf file attachments in
>> everybody
>> else's e-mails too? I run Mailwasher Pro so I delete these at the server
>> before they get to me. Is there some kind of virus or something
>> circulating
>> out there in the guise of a .pdf file? I probably get about 30 a week.
>
>
> Yes, there's been a recent big increase in such spam. Just ignore it,
> as you should all spam, and do *not* open the attachments.
>
> I'm not sure whether the attachments are infected, but I have no
> interest in finding out, and won't open them. I never open
> attachments at all, except from a *very* few trusted sources, and then
> only when I'm expecting them.
>
> --
> Ken Blake, Microsoft MVP Windows - Shell/User
> Please Reply to the Newsgroup
 
Shenan Stanley wrote:

> Spammers are pumping out junk in the form of PDF attachments as of
> late. These are 'harmless'(in a system security sense) in the fact
> that they are what are known as 'pump and dump' scams - or...
>
> 1. Scammers buy worthless stock at a very low price
> 2. Fake email is sent to millions of people, claiming the stock is
> projected to move
> 3. People buy into the scam, and thus buy the stock, thereby raising
> the price
> 4. The scammers sell off their holdings for a hefty profit
> 5. The victims are left holding worthless stock

You know, if you could time it right, you could sell short!
 
"Steve T" wrote in message news:eGfgQ0owHHA.840@TK2MSFTNGP03.phx.gbl...
> Just a general question for the group regarding spam/viruses. Is it
> just me or is there a sudden massive increase in .pdf file attachments
> in everybody else's e-mails too? I run Mailwasher Pro so I delete
> these at the server before they get to me. Is there some kind of virus
> or something circulating out there in the guise of a .pdf file? I
> probably get about 30 a week.


Because many spam filters will not open .pdf file to interrogate their
content. Plus that content can be a graphical image rather than
readable (and parsable) text which means the spam filter can't see into
that content. Some spammers started sending image (as attachments) to
their spew to hide the content from spam filters. PDF gives them a
double-layered approach to hide the content that spam filters can't
recognize but your eyes can. By requiring the use of document viewing
applications (Adobe Reader), spammers were attempting to bypass the text
and image scanning engines in anti-spam programs. This PDF-laden spam
started in late June.
 
It may be more serious than that. There is a PDF exploit:

http://news.netcraft.com/archives/2...e_in_pdf_reader_could_expose_local_files.html

"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:%233rhf4owHHA.1204@TK2MSFTNGP03.phx.gbl...
> Steve T wrote:
>> Just a general question for the group regarding spam/viruses. Is it
>> just me or is there a sudden massive increase in .pdf file
>> attachments in everybody else's e-mails too? I run Mailwasher Pro
>> so I delete these at the server before they get to me. Is there
>> some kind of virus or something circulating out there in the guise
>> of a .pdf file? I probably get about 30 a week. Thanks, Steve T.
>
> Spammers are pumping out junk in the form of PDF attachments as of late.
> These are 'harmless'(in a system security sense) in the fact that they are
> what are known as 'pump and dump' scams - or...
>
> 1. Scammers buy worthless stock at a very low price
> 2. Fake email is sent to millions of people, claiming the stock is
> projected to move
> 3. People buy into the scam, and thus buy the stock, thereby raising the
> price
> 4. The scammers sell off their holdings for a hefty profit
> 5. The victims are left holding worthless stock
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
 
"RalfG" wrote in message news:uy8DuVxwHHA.4464@TK2MSFTNGP02.phx.gbl...
> It may be more serious than that. There is a PDF exploit:
>
> http://news.netcraft.com/archives/2...e_in_pdf_reader_could_expose_local_files.html


Geez, look at the article's datestamp of 2 YEARS AGO. If the Abode
Reader user hasn't performed a product upgrade since then then they
probably haven't done updates to Windows, anti-spam database,
anti-virus, anti-malware, and other security software in as along. Such
a user deserves what they get for not staying current.
 
Just because the article and info is two years old doesn't mean there aren't
new ones that have kept ahead of the curve.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Vanguard" <no@mail.invalid> wrote in message
news:uQ$c69ywHHA.5036@TK2MSFTNGP03.phx.gbl...
> "RalfG" wrote in message news:uy8DuVxwHHA.4464@TK2MSFTNGP02.phx.gbl...
>> It may be more serious than that. There is a PDF exploit:
>>
>> http://news.netcraft.com/archives/2...e_in_pdf_reader_could_expose_local_files.html
>
>
> Geez, look at the article's datestamp of 2 YEARS AGO. If the Abode Reader
> user hasn't performed a product upgrade since then then they probably
> haven't done updates to Windows, anti-spam database, anti-virus,
> anti-malware, and other security software in as along. Such a user
> deserves what they get for not staying current.
>
 
"Gary S. Terhune" wrote in message
news:O4BU1QzwHHA.3560@TK2MSFTNGP02.phx.gbl...
> Just because the article and info is two years old doesn't mean there
> aren't new ones that have kept ahead of the curve.


So how does a 2-year article indicate that there are new vulnerabilities
reported in newer articles? I will say, however, that seeing an article
about a really old vulnerability may get the OP to do a Google search on
more recent ones.
 
"Vanguard" <no@mail.invalid> wrote in message
news:uQ$c69ywHHA.5036@TK2MSFTNGP03.phx.gbl...
> "RalfG" wrote in message news:uy8DuVxwHHA.4464@TK2MSFTNGP02.phx.gbl...
>> It may be more serious than that. There is a PDF exploit:
>>
>> http://news.netcraft.com/archives/2...e_in_pdf_reader_could_expose_local_files.html
>
>
> Geez, look at the article's datestamp of 2 YEARS AGO. If the Abode Reader
> user hasn't performed a product upgrade since then then they probably
> haven't done updates to Windows, anti-spam database, anti-virus,
> anti-malware, and other security software in as along. Such a user
> deserves what they get for not staying current.
>

My company is so on the ball that we are running Acrobat Reader V6, so we're
all right.
 
Someone in this thread stated that PDF attachments were harmless spam. That
isn't neccessarily true.

For a lot of people "Adobe reader" is just some junk they never use that was
already on the computer when they got it. Whether they meticulously do
updates or not, nobody "deserves" to be victimized. Right now only version 8
of Adobe reader might be exploit safe.

"Vanguard" <no@mail.invalid> wrote in message
news:eDiV583wHHA.4592@TK2MSFTNGP05.phx.gbl...
> "Gary S. Terhune" wrote in message
> news:O4BU1QzwHHA.3560@TK2MSFTNGP02.phx.gbl...
>> Just because the article and info is two years old doesn't mean there
>> aren't new ones that have kept ahead of the curve.
>
>
> So how does a 2-year article indicate that there are new vulnerabilities
> reported in newer articles? I will say, however, that seeing an article
> about a really old vulnerability may get the OP to do a Google search on
> more recent ones.
 
RalfG wrote:
> Someone in this thread stated that PDF attachments were harmless
> spam. That isn't neccessarily true.
>
> For a lot of people "Adobe reader" is just some junk they never use
> that was already on the computer when they got it. Whether they
> meticulously do updates or not, nobody "deserves" to be victimized.
> Right now only version 8 of Adobe reader might be exploit safe.

I would say Acrobat 8.1.0 - not just 8...

And it was not stated that all PDF attachments were harmless - that the
current round of 'pump and dump' scam PDFs were harmless. As with anything
else - that can change within moments. ;-)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
On Tue, 10 Jul 2007 13:11:07 -0400, "RalfG"

>It may be more serious than that. There is a PDF exploit:

>http://news.netcraft.com/archives/2...e_in_pdf_reader_could_expose_local_files.html

There's also "by design" exploitability built into Acrobat "reader":
- JavaScript
- launches other non-.PDF files
- "multimedia operations"

These settings can, and IMO should, be neutered via Edit, Preferences.

These facilities are already used commercially in dubious ways, e.g. a
"service" that can alert you whenever someone reads your .PDF
(implying "call-home" behaviour within Acrobat Reader).

So far, the recent barrage of .PDF attachments - which I would not
open - have been "flat" (non-malware) stock-boosting scams.



>------------------------- ---- --- -- - - - -
I'm on a ten-year lunch break
>------------------------- ---- --- -- - - - -
 

Similar threads

AWS
Disrupting SEABORGIUM’s ongoing phishing operations
Replies
0
Views
216
AWS
AWS
AWS
September 2023 - Microsoft 365 US Public Sector Roadmap Newsletter
Replies
0
Views
157
AWS
AWS
AWS
The federal Zero Trust strategy and Microsoft’s deployment guidance for all
Replies
0
Views
238
AWS
AWS
AWS
November 2022 - Microsoft 365 US Public Sector Roadmap Newsletter
Replies
0
Views
407
AWS
AWS
AWS
September 2022 - Microsoft 365 US Public Sector Roadmap Newsletter
Replies
0
Views
221
AWS
AWS
Back
Top