PDF spam, the summertime nuisance that flooded inboxes in early August and then quickly disappeared, is back and worse than ever.
According to multiple threat researchers at security vendors, tens of thousands of spam messages were blasted out last week with attached PDF files, which infect the recipients' PCs when viewed. Security vendors say the subject lines of the new crop of PDF spam are finance-related, using phrases designed to get the recipient's attention, such as "your credit report." These e-mails contain no text, only the attachment.
"When opened, the PDF file uses the CVE-2007-5020 vulnerability via Acrobat Reader and [Internet Explorer 7.0] and downloads further malware from a server in Malaysia," according to security vendor F-Secure's recent blog post. "The target of the malware seems to be to create a botnet of infected machines to be used for further malicious activity."