SonicWALL's analysis shows that Directory Harvest Attacks (DHA), Denial of Service (DoS) and similar attacks decreased by 2 percent over the quarter, but still accounted for 55.7 percent of e-mail flowing into inboxes. Spam, viruses and phishing attacks, increased by 4 percent from Q1 2007, and comprised 37.4 percent of all e-mail, with the remaining 6.9 percent being Good e-mail -- a 3 percent increase over Q1 2007.
During the second quarter of 2007, PDF spam emerged as a persistent threat. These types of e-mail attacks typically contain little to no text in the body but attach a PDF file, usually a stock or drug spam message containing malicious code, which, if opened, can be automatically downloaded onto a victim' s computer. It is believed the widespread adoption of PDF spam illustrates the adaptability of spammers in finding new techniques to counteract image spam prevention techniques.
"PDF spam demonstrates the continued innovation in spam techniques that attempt to bypass anti-spam detection and trick employees into opening e-mails that give the appearance of legitimate business letters," said Andrew Klein, senior product manager for SonicWALL's Email Security division. "PDF spam is effective because files in PDF format have long been considered an acceptable way for businesses to transfer information. Much like phishing e-mails, spammers have manipulated the trust factor to get past both technical and psychological defenses."
More recently, an increasing amount of Excel and ZIP file spam have been detected. Utilizing the same trust-busting premise as PDF spam, Excel and ZIP spam succeed because they mimic legitimate correspondence to get more eyes to view the message.
