StarDestroyer.Net BBS

Not sure if this is more appropriate in OT since it's not about computers per se, but has anyone noticed a surge in spam with PDF attachments? Over the last 3 or 4 weeks, I've been getting dozens of spam mailings with some kind of PDF attached. Usually it's named "receipt," "E-mail" or "billing" or something that's presumably supposed to look "legitimate" to a gullible user. I've already gotten 10 or so today. I've never seen so many attached PDFs (let alone attachments of any kind) in spam over such a relatively short timespan, so it just seemed a bit unusual.

I've noticed a lot lately as well; however, I've not yet been brave (foolish?) enough to try opening one to see what it contains.

Strangely I can't recall ever gotten PDF spam in my gmail account. Either they just don't send it my way or my spam filter catches it all.

Pumako wrote:I've noticed a lot lately as well; however, I've not yet been brave (foolish?) enough to try opening one to see what it contains.

Oh, I haven't opened any of them. It's just that the file name is usually (for example, the most recent one) something like: "Document-d71c2a8.pdf"

The subject of each has typically been something similar to the specific PDF file's name.

Now I happen to get PDFs quite frequently as part of my work, but this surge in PDF spam is something new. Sometimes the legit PDFs I get have file names like "2387-Brochure_1.12.pdf" so I am being even more cautious lately!

General Zod wrote:Strangely I can't recall ever gotten PDF spam in my gmail account. Either they just don't send it my way or my spam filter catches it all.

I'm not very familiar with gmail or other web-based e-mail services beyond a Hotmail account I have as a backup, but I am just using Eudora 7.whatever version it is with my Verizon account. I suppose something like gmail might have a more stringent default spam catcher. My AV software scans everything that comes through Eudora both ways and so far, no virii.

I hope.

PS it's 'viruses'?

Is your Verizon account somehow linked to a particular version of Eudora? How would this be done? If you're worried, get the latest version.

I've just been hit with a nontrivial amount coming through my university's spam filters.

I've been getting a crapload of that same shit lately and it seems to bypass my usually efficient spam filters in Thunderbird. Not going to touch it them except to toss them to the shredder.

Are you sure that it's the true extension is shown so that it's not "filename.pdf.exe" or something similar?

I'd never open an unsolicited PDF file.

They're usually normal PDFs with pump-and-dump stock schemes. It's just another way to try and get around spam filters.

Stark wrote:PS it's 'viruses'?

I know, it was merely a very lame attempt at web-humor.

In the English language, the standard plural of virus is viruses. This is the most frequently occurring form of the plural, and refers to both a biological virus and a computer virus.

The less frequent variations viri and virii are virtually unknown in edited prose, and no major dictionary recognizes them as alternative forms. Their occurrence can be variously attributed to hypercorrection formed by analogy to Latin plurals such as alumni or false analogy to Latin plurals such as radii; idiosyncratic use as jargon among a group, such as computer hackers; and deliberate word play, such as on BBSs (see, e.g.: leet).

I'll take my beating now.

Is your Verizon account somehow linked to a particular version of Eudora? How would this be done? If you're worried, get the latest version.

No, I can use any kind of e-mail client I want. I've just been using some version of Eudora since 1997 or so, so I'm used to it.

Mange wrote:Are you sure that it's the true extension is shown so that it's not "filename.pdf.exe" or something similar?

I'd never open an unsolicited PDF file.

It does seem to be a real *.pdf file type. But I haven't clicked on any of them. Just as with As Edi above, I shred 'em.

phongn wrote:They're usually normal PDFs with pump-and-dump stock schemes. It's just another way to try and get around spam filters.

Ah, those crafty little buggers! For all I know, any infected attachments I'd otherwise get are routinely intercepted, but since these seem to be mere PDFs (scams aside), I guess this surge in unsolicited attachments is getting through.

The Thunderbird mail filter has caught up to this latest shit quite adequately. I don't even see them anymore, they get directly flushed now.

yeah, I only see them when I check my spam filters.

which is scary enough every day, since some topics here & space battles, or anything going on at the old bolter and chainsword actually don't get past my spam filter, but that bitch with her penis enlargement ad does.

I'm necroing this thread to state that first of all, I've received a ton of PDF spam of late, and secondly, and more importantly, the Wall Street Journal is now covering this issue.

Here is the link.

If the above link does not work for subscribers, let me know so that I can quote it and or e-mail it to you (which the WSJ lets you do).

EDIT: A note to mods, I believe this form of necroing is specifically allowed, since I'm adding a relevant news article on this growingly important subject, since we're all getting increasing amounts of this stuff, if, however, ironically you deem me to have spammed this, feel free to lock this thread or otherwise inflict pain and humiliation upon me.

I've noticed a sharp uptick in spam of all kinds lately, including PDF spam. And it's not just some Trekkie or creationist who found out my E-mail address and signed me up for E-mail lists out of spite; it's happening on my work E-mail, my brother's E-mail, etc. I get the feeling that the spammers have not only stumbled onto the PDF trick, but they've also found new ways to fool the smart filters.

I've been getting a lot lately too. Tons actually.

I've never gotten it before,

one I'm glad that the USPS never got their bill through to charge us for each email RECIEVED, then the spammers would have bankrupted me, and everyone else by now...

two, I find it annoying that my legitamate links are getting held up in my kill filter, and the damn spam is STILL getting through....

IMO what may be needed is a complete redesign of "e-mail", from the ground up, perhaps something analogous to the development of SSH to replace Telnet. Some kind of secured system, with authentication not only for accessing incoming and outgoing mail servers, but to allow for the actual sending of e-mail.

The problem, of course, is that this would break the current approach to e-mail, where e-mail addresses can be easily and freely created by anyone, and as people move between employers, their e-mail addresses change. A possible solution to that for a new secured e-mail system would be to assign each user a centrally administered personal ID code, which would be revoked if that user ever spammed, and would be their code irrespective of their employer or the appearance of their e-mail address.

Of course, another aspect is that anonymity would be lost with such a system, and a migration from the currently used e-mail system to a brand new one could be rather...complex.

The Yosemite Bear wrote:one I'm glad that the USPS never got their bill through to charge us for each email RECIEVED, then the spammers would have bankrupted me, and everyone else by now...

two, I find it annoying that my legitamate links are getting held up in my kill filter, and the damn spam is STILL getting through....

Actually, it's a good thing that's a hoax.

RThurmont wrote:IMO what may be needed is a complete redesign of "e-mail", from the ground up, perhaps something analogous to the development of SSH to replace Telnet. Some kind of secured system, with authentication not only for accessing incoming and outgoing mail servers, but to allow for the actual sending of e-mail.

The entirety of the Internet really needs to be re-architected. It was designed for a userbase that was relatively small and trustable - and it's a small miracle that it's been able to scale this well. Of course, there have been many proposals to do exactly this and they all fail due to incompatibility.

I have not noticed any increase of spam on my gmail account, and seem to have no spam with attached PDFs. Also, no spam have breached the spam filter in the last two months.

RThurmont wrote:IMO what may be needed is a complete redesign of "e-mail", from the ground up, perhaps something analogous to the development of SSH to replace Telnet. Some kind of secured system, with authentication not only for accessing incoming and outgoing mail servers, but to allow for the actual sending of e-mail.

The problem, of course, is that this would break the current approach to e-mail, where e-mail addresses can be easily and freely created by anyone, and as people move between employers, their e-mail addresses change. A possible solution to that for a new secured e-mail system would be to assign each user a centrally administered personal ID code, which would be revoked if that user ever spammed, and would be their code irrespective of their employer or the appearance of their e-mail address.

Of course, another aspect is that anonymity would be lost with such a system, and a migration from the currently used e-mail system to a brand new one could be rather...complex.

Who's going to administer it? Who funds this new bureaucracy?