In late June 2007, spammers engaged in new spam campaigns in which they embedded messages within PDF documents. By using PDF files that require the use of document viewing applications, such as Adobe Reader, spammers attempted to bypass text and image scanning engines in email security products. Because these PDF attacks utilized existing botnets to generate similar traffic patterns on the Internet as more traditional spam attacks, both Barracuda Reputation and Fingerprint Analysis techniques enabled the Barracuda Spam Firewall to block a significant portion of PDF spam very early in the message scanning process.
Barracuda Central, an advanced technology center at Barracuda Networks consisting of highly trained engineers who continuously monitor and block the latest Internet threats, detected at least two forms of the PDF spam campaigns: 1) full documents resembling investment analyst reports of reputable firms, and 2) image-only PDF files resembling the image spam attacks introduced in 2006. Examples of both forms are below.
Through sophisticated PDF filtering technologies in the rules scoring engine, the Barracuda Spam Firewall can target full document PDF files used in spam attacks.
Through enhancements to its Image Analysis layer, the Barracuda Spam Firewall effectively blocked the image-only PDF files containing spam content while delivering legitimate PDF files.