Spammers embedding images in popular PDF files to bypass spam filtering software rules

London, UK, 24 July 2007 – GFI Software, a leading developer of network security, content security and messaging software, has today launched a white paper to explain what PDF spam is and how spammers are using this popular file format to reach people’s mailboxes.

Research shows that between 65% and 88% of emails received is considered to be spam. Spam continues to be a headache for administrators and end-users because spammers are constantly trying to stay one step ahead of anti-spam software vendors. Although spammers registered considerable success with image spam, the anti-spam software industry had quickly come out with new counter-measures to stop image spam.

As with every cat-and-mouse game, spammers had to respond and in June 2007, they came up with a new technique that is not only ingenious but even more problematic than image spam. Instead of embedding the image within the email itself, they ‘repackaged’ it within an attachment using one of the most common file formats in use today – a PDF file.

This move is clever because email users ‘expect’ spam to be an image or text within the body of the email and not an attachment. Also, since most businesses today transfer documents using the PDF format, email users will have to check each PDF document otherwise they risk losing important documentation.

To address the PDF spam threat, administrators need to deploy as many anti-spam techniques as possible, including Bayesian filtering and PDF filtering, while at the same time maintaining a very low level of false positives.

To download a copy of the white paper, please visit http://www.gfi.com/whitepapers/attachment-spam.pdf. For information on GFI’s anti-spam and anti-phishing solution, GFI MailEssentials, visit http://www.gfi.com/mes/.

About GFI MailEssentials
GFI MailEssentials offers anti-spam for Exchange server and other email servers and eliminates the need to install and update anti-spam software on each desktop. GFI MailEssentials offers a fast set-up and a high spam detection rate using Bayesian filtering and other methods. With very low false positives, GFI MailEssentials will eliminate over 98% of the spam from your network – including PDF spam – as well as detect and block phishing emails and hard to catch image-spam through a Botnet/Zombie check. GFI MailEssentials also adds email management tools to your mail server: disclaimers, mail monitoring, Internet mail reporting, list server, server-based auto replies and POP3 downloading.