| 6:51 pm on Aug 1, 2007 (gmt 0)|
"Adobe and anti-virus researchers said they have received no reports from customers of virus-infected PDF files. But the company confirmed that infected documents or malicious programs could be embedded within a PDF file using a Microsoft-developed technology called object linking and embedding (OLE), introduced in Acrobat version 4"
I don't think the "no reports" is correct. One thing I know for sure: there are big problems with bad PDFs on wiki.
| 7:10 pm on Aug 1, 2007 (gmt 0)|
We have been getting a lot of spam with PDF files on all of our emails recently. Most are the stock hype scheme type. We have actually forwarded some to the SEC so they can crack down on the stock hype schemes. Basically, they hype penny stocks hoping the price will rise, then sell off at a profit.
| 7:17 pm on Aug 1, 2007 (gmt 0)|
|hoping the price will rise then sell off at a profit |
That needs to be corrected. The sole purpose of stock spam is to create trading volume to absorb the sale of illiquid stock by the pumper. There is rarely much of a price increase because the pumper is selling from the outset.
| 7:25 pm on Aug 1, 2007 (gmt 0)|
The surge of PDF spam mails started at least six weeks ago. I know of people getting dozens to hundreds of those per day.
| 7:29 pm on Aug 1, 2007 (gmt 0)|
I have had a load of PDF spam emails recently and I have just been deleting them as they come into my inbox. We block thousands of spam emails a day but these are coming through as are some with .zip attachments. Be careful folks. Anti-virus software can be great but it is only as good as the last update.
| 7:43 pm on Aug 1, 2007 (gmt 0)|
More annoying was that these spam mails suddenly started to pass the spam filters more than GIF or JPG attachments. I have suddenly had much more spam in my inbox.
| 8:10 pm on Aug 1, 2007 (gmt 0)|
--- pass the spam filters more than gif or jpg attachments ---
Personally I haven't gotten one yet, nor has any email account on several domains I manage that have GreyListing enabled.
On the other hand, the email software should have a feature that the administrator can activate to receive attachments only from a trusted source. Once the source is compromised, the ISP that is liable for the spam delivered should be paying an hourly rate to the person who opened an email. This might sound like BLAH but money talks; sometimes backwards is the only way to go.
| 8:30 pm on Aug 1, 2007 (gmt 0)|
I've been getting dozens of the PDF spams per day. It did seem to start about 6 weeks ago or so.
I have spam filters in place, and they block the JPG spam just fine, but the PDF spam has gotten through (although it does seem to be learning and getting better).
It's annoying because I actually get PDFs from clients, so the staff has to be extra vigilant.
I actually thought they were viruses and not spam, so I just don't open them.
| 11:13 pm on Aug 1, 2007 (gmt 0)|
Ohh, I have seen those for 2 months now, but OK, 98% of my mails are spam, so I'm always up to date.
| 11:38 pm on Aug 1, 2007 (gmt 0)|
I don't remember the exact date. I just recalled a rough timescale from memory. I no longer have an electronic record back that far of what was deleted.
| 1:43 am on Aug 2, 2007 (gmt 0)|
Around 5 weeks ago my office got completely flooded with these PDFs. It's still going on now. I'm getting a bit of satisfaction that I'm not the only one expected to deal with this.
| 2:40 am on Aug 2, 2007 (gmt 0)|
Someone is using my domain name as a return-to address and I'm getting 500 bounced PDF and ZIP emails a day :-(
| 7:25 am on Aug 2, 2007 (gmt 0)|
ISORG: when that has happened to me, the most likely cause is that I had a catchall email address set up on the domain(s). Remove the catchall and set up forwarding email addresses for the addresses you need / desire and just bounce the rest.
I have one desktop instance of a link followed in the "spam" pdf's installing a worm email virus with up to date antivirus watching (grumble); this happened Tuesday last week. The end results were not funny...
| 8:14 am on Aug 2, 2007 (gmt 0)|
Thanks for this warning, Engine. I have personally had huge amounts of spam myself with PDF attachments. My Merak spam filter doesn't seem to stop them either.
| 8:22 am on Aug 2, 2007 (gmt 0)|
|I had a catchall email address setup on the domain(s). Remove the catchall and setup forwarding email addresses for the addresses you need / desire and just bounce the rest. |
Doesn't this just pass the problem onto someone else? I see how it helps the webmaster of the domain in question but if we bounce them doesn't that just pass on the problem?
I also have been receiving a lot of .pdf attachment spam. Not opened one yet but must admit they are quite clever as the name of the attachment and subject line are quite on target for me.
| 8:36 am on Aug 2, 2007 (gmt 0)|
Thanks Techrealm. That's a good idea.
Visit Thailand: I have visions of these spam PDFs endlessly bouncing around the internet for eternity :-)
| 12:47 pm on Aug 2, 2007 (gmt 0)|
Shoot! Where was I yesterday when this was mentioned!
I just sent out pdf information to our list of past and present advertisers (not something we do much). I wonder how many of them just dumped it without even opening it!
| 1:27 pm on Aug 2, 2007 (gmt 0)|
I also have been inundated in these things. Every single one seems to have NO body content whatsoever, only a moderately well-targeted subject line and attachment name.
| 1:42 pm on Aug 2, 2007 (gmt 0)|
Remember, it's what may be embedded as a payload that is a bigger concern.
| 7:29 pm on Aug 2, 2007 (gmt 0)|
One of the payloads is a nasty rootkit and multiple virus files.
| 8:49 pm on Aug 2, 2007 (gmt 0)|
|Doesn't this just pass the problem onto someone else? |
Mostly no, as the emails are typically "sent from" false accounts, so the bounces time out and are simply lost to age. And two, by having a catchall in place, your server, when queried to check that the email address is good, will send a "yes, that address is good" answer and allow the email to send out.
Another short answer is that most ISPs request you phase out use of catchalls on their servers for various technical reasons.
|I also have been receiving a lot of .pdf attachment spam. Not opened one yet but must admit they are quite clever as the name of the attachment and subject line are quite on target for me. |
:-) Ahh yes, then someone you know may have been infected by a worm version, and that is copying the email address book and miscellaneous email data to auto-generate the spam / worms / rootkits.
It's all fun stuff...
| 9:18 pm on Aug 2, 2007 (gmt 0)|
One way that spammers operate is by purposely using servers that actively bounce messages back to the supposed sender, to distribute their spam to their intended victims.
Most email systems don't filter out as spam any messages that are supposedly telling you that some other message that you have sent has now been bounced by the recipient.
So, the spammer sends thousands of messages addressed to you, and each one is bounced by your server. Each message came from a different email address, and that "from" email address is the target email address that the spammer actually wanted the spam sent to.
I would silently blackhole those messages, or else configure the server to send a "message not delivered" response without including the content of the original mail.
| 2:26 am on Aug 3, 2007 (gmt 0)|
Noticed increase in these too of late, now up to about 3 daily, but one question only: Do they impact the "Preview" application on OS X?
Don't use Windows so couldn't care less about that!
| 5:29 am on Aug 4, 2007 (gmt 0)|
So do I understand it that there is no negative to removing the catchall? I do not want to add to the bouncing email problem.
| 1:48 pm on Aug 11, 2007 (gmt 0)|
I've been receiving this email every day for the last month or so, around the time the .pdfs started flooding in:
"You have reached your current SMTP relay limit of 1000 per day on the following hosting account:"
I use GoDaddy's virtual hosting.
Any ideas on how to fix this?
| 9:30 pm on Aug 11, 2007 (gmt 0)|
Do you allow messages to be sent to firstname.lastname@example.org or do you just allow a few combinations?
| 4:00 am on Aug 12, 2007 (gmt 0)|
I noticed that the default response for 'anyname' was to bounce it back with a message. These count towards the 1000 message limit. I changed it to 'reject'. Hopefully this will resolve it.
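
The difference between the "bounce" and "reject" settings discussed in this thread, modelled as an added example that is not part of any post. The policy names, addresses and sample spam run are constructed for illustration; it also shows the "message not delivered" notice that omits the original content.

```python
from email.message import EmailMessage

VALID = {"sales@example.org", "info@example.org"}  # constructed mailbox list

def rcpt_decision(rcpt, policy):
    """SMTP reply code for RCPT TO under a policy (policy names are hypothetical)."""
    if rcpt.lower() in VALID or policy == "catchall":
        return 250                  # accepted for delivery
    if policy == "bounce":
        return 250                  # accepted now, bounced later by our server
    return 550                      # "reject": refused during the SMTP session

def build_dsn(mail_from, rcpt, include_original, original_body):
    """Non-delivery notice our server sends to the (possibly forged) sender."""
    dsn = EmailMessage()
    dsn["From"] = "MAILER-DAEMON@example.org"
    dsn["To"] = mail_from
    dsn["Subject"] = "Message not delivered"
    text = f"Delivery to {rcpt} failed: no such mailbox."
    if include_original:            # this is what turns a bounce into spam relay
        text += "\n\n--- original message ---\n" + original_body
    dsn.set_content(text)
    return dsn

def process(run, policy, include_original=False):
    """Return (messages our server generates, number of SMTP-time rejections)."""
    outbound, rejected = [], 0
    for mail_from, rcpt, body in run:
        if rcpt_decision(rcpt, policy) == 550:
            rejected += 1           # nothing is sent; the connecting server keeps it
        elif policy == "bounce" and rcpt.lower() not in VALID:
            outbound.append(build_dsn(mail_from, rcpt, include_original, body))
    return outbound, rejected

# Constructed spam run: the forged envelope senders are the real targets.
SPAM_RUN = [(f"victim{i}@example.net", f"anyname{i}@example.org", "BUY-STOCK-PDF")
            for i in range(5)]

if __name__ == "__main__":
    for policy in ("bounce", "reject"):
        out, rej = process(SPAM_RUN, policy)
        print(policy, "-> outbound bounces:", len(out), "rejected at SMTP:", rej)
```

With "bounce", every message to an unknown address produces one outbound mail to a forged sender, which is what counts against a daily relay limit; with "reject", the server generates none.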