Welcome to MSDN Blogs Sign in | Join | Help

Terry Zink's Anti-spam Blog

Protecting your mail from the scum of the internet
Where has all the pdf spam gone?

I'm checking our statistics on the amount of pdf spam we're seeing, and after Aug 20 (last week) it seems to have disappeared.

It hasn't disappeared entirely, of course.  But my spam rules that targeted this stuff have gone from a couple million hits per day to a few tens of thousands of hits per day.  There is a very clear delineation at Aug 20.  So, there are a few possibilities:

  1. Spammers have stopped sending pdf spam.  This is either temporary until they start up again (more likely) or they have given up on it completely because the anti-spam community has figured out a way to block it (less likely).
  2. Other spam rules that I have created are hitting pdf spam thus causing some of my tracking rules not to fire.
  3. My stats are wrong and something changed on our internal processes that troll through the logs and update the numbers.
  4. We're blocking the pdf spam mail via blacklists, therefore we don't content scan and hence no statistics.

This is a little weird because we are seeing as much mail as we have ever seen on our network, but my pdf rules have tailed off.

Posted: Monday, August 27, 2007 10:28 AM by tzink
Filed under:

Comments

szurgot said:

I personally have seen the PDF spam drop off, now it's the YouTube LMAO phishing scam that I've been getting at a rate of about 10 per day.

# August 27, 2007 12:34 PM

Justin Mason said:

hi Terry --

I haven't really looked into it, but I would guess that the high volumes of PDF were from the Storm botnet; it appears to have switched to sending that YouTube spam with links to its malware, possibly to "seed" more nodes.

In our (SpamAssassin's) spamtraps, Storm output is very heavy these days.

# August 27, 2007 1:07 PM

Norman Diamond said:

I'd have thought that no one would even open a PDF spam except to check whether to send a copy to the SEC.  I thought this would be one of the few cases where spammers would get a net negative result from their activities and that would be why they stopped.

# August 27, 2007 9:28 PM

CJ said:

May be because they switched to a different file format. I saw a few .xls come in after this date.

# September 5, 2007 11:50 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker