Login, change your address, subscribe to new or manage current magazines or e-newsletter subscriptions
IT World Events
Site Map - Affiliates
Computerworld Publication PageNetworkWorld Publication PageCIO Canada Publication PageITJobUniverse.ca - The Information, Communication and Technology (ICT) Job Board
Enter your  QUICKLINK number to go directly to that article.
Advanced Search
Knowledge Centres
Content Types
Featured White Papers
Gartner Research Note "Boost SharePoint Performance with an Application Delivery Network"Gartner Research Note "Boost SharePoint Performance with an Application Delivery Network"
Provided by: Citrix
read more
From fear to value: CIO strategies for propelling business through the economic crisisFrom fear to value: CIO strategies for propelling business through the economic crisis
Provided by: IBM
read more
Reaping the rewards of your service-oriented architecture infrastructureReaping the rewards of your service-oriented architecture infrastructure
Provided by: IBM
read more
Yuk it Up
Featured White Papers
Download the Network Barometer Report, which aggregates findings from secure network infrastructure assessments conducted for more than 150 organisations around the world. It provides some surprising stats on the state of network (un)readiness prevalent today; the reasons why organisations are failing at remediating known vulnerabilities; recommendations on assessing your own infrastructure, and on ways to improve your state of readiness to support the business; and more.
Early-generation server load-balancing technology has proven to be an invaluable asset, especially for organizations hosting widely utilized Web applications. But business requirements evolve, as do the processes and technologies used to fulfill them. The many changes and trends that have taken hold since SLBs were first introduced expose the need for enterprises to step up from a simple load-balancing solution to a more comprehensive application delivery solution . This paper is intended to serve as a guide for organizations looking to replace their early-generation SLBs, providing details on the top eight criteria to use during an evaluation process.
Featured Spotlight
Keep up on who's hiring, who's downsizing and how the government is helping. News, job opportunities, recruiters and employment lawyers are all available.
Sign-Up for
Security
eNewsletter Delivered Weekly
Click here
Page 1 of 1

Digg it Twitter

Image spammers try PDFs on for size

By: Kathleen Lau - ComputerWorld Canada  (18 Jul 2007)

Spam filter reports from a couple of months ago suggested the usual barrage of image spam had eased up, but the reality is those images had merely assumed a new identity: Portable Document Format (PDF).

Most vendors of messaging security systems have incorporated some sort of defense against image spam, which has only led spam creators to find novel modes of entry, specifically through what has become the "de facto standard" for sending documents between organizations, said Andrew Graydon, chief technology officer of Mississauga, Ont.-based messaging security vendor BorderWare Technologies Inc.

This latest spam tactic works because most messaging security tools detect images in the form of JPEG, JIF and PNG, for example, but not those in PDF.

"Spammers will always find the vulnerability, and push the limits to find where the majority of vendors are not solving the problem," said Graydon. And it's surprising, he added, how few messaging security systems scan the contents of PDF documents – making the tactic successful across 80 per cent of security solutions on the market.

Currently, he said PDF spam accounts for about 50 per cent of image spam, a marked increase from the initial three per cent when spammers were still testing the waters a couple of months ago before finally opening the floodgates.

PDF spam is just another invasion technique designed to bypass "reasonably effective" defenses against basic image spam, said Larry Karnis, president of Toronto, Ont.-based messaging security provider XPM Software Inc.

"They can put the same image in a PDF document and the PDF document wrapper allows the image to travel through the spam filter undetected," said Karnis.

But as with all forms of malware, PDF spam – currently a simple format of identical images for content – will soon take on different appearances as it morphs to avoid detection, said Graydon. "We're going to start seeing some of the exploits happening on the PDF where they're going to start changing the size of the PDF, and the size of the image inside."

But Karnis believes PDF spam will be a short-term threat because they are relatively easy for vendors to block: companies using an anti-spam tool and are under a maintenance agreement with the product vendor should see the problem going away fairly quickly.

Besides, he added, the impact thus far has been nowhere near as severe as the initial image spam attacks that hit last year. And the tactic is hardly economical from the spammer's point of view, given PDF attachments tend to inflate message size thereby reducing the number of outgoing attacks from a botnet.

Spammers at this point are probably trying to work out the economics of PDF spam given the limited number attacks that can be launched, said Bradley Anstis, director of product management for Basingstoke, U.K.-based Marshal Ltd., a provider of e-mail and internet management solutions.

And although the campaign was initially successful, he said, messaging security vendors will bolster their defenses towards the attacks, resulting in an eventual decline in number.

Currently, Graydon said companies are employing various approaches to the PDF spam problem. Some are passively "grinning and bearing it" because the technology they have in place doesn't solve the issue. Others are quarantining incoming PDF documents and letting users retrieve the 'clean' files from the quarantine.

Karnis isn't keen on the quarantine approach as it's indicative of an inferior anti-spam product, which really only serves as a location for e-mail that the spam filter couldn't decide what to do with.

Others, Graydon added, are making the better decision to deploy superior messaging security systems that can scan the content of PDF documents.

Companies should evaluate the technologies they have in place, agreed Anstis – in particular recommending multi-facetted spam engines to capture multiple forms of spam attacks.

Besides that, he said, "be aware that it's happening and let employees know. It's always better to err on the side of caution."

Page 1 of 1
Send to a Friend  Rate This Page  Print This PageAdd a new comment
Bookmark this article on:
del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!

Have something to say about this article? Add a new comment

If you find a comment inappropriate, You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields



Related Content
Articles

White Papers
Improving business through smart energy and environment policy
Businesses and public entities today face increasing pressure to develop policies that are both good for the planet and good for business. A framework developed by IBM offers businesses and other organizations a comprehensive approach to energy and environmental issues. The framework helps identify and prioritize environmental efforts by breaking down problems and opportunities into seven distinct business areas, which can then be segmented into manageable projects.
Copyright InformationPrivacy Policy Site MapAbout UsMedia CentreReprint ServicesMobileFeedbackContact Us
ComputerWorld Canada | NetworkWorld Canada | CIO Canada | IT Business | CDN | Direction Informatique | PCWorld Canada | Macworld Canada | IT Job Universe | my IT Vendor
©2009 ITworldcanada.com All rights reserved.