The war is not over

Oct 29, 2007 11:07 GMT

They said the PDF spam war was over, and it was even thought that using PDF files was no longer a risky activity. However, it seems that everything you've heard is false. SecureWorks and F-Secure, two of the top security companies on the web, have discovered an impressive new wave of PDF spam that seems to come from Gmail accounts. The malicious PDF files are attached to email messages that ask users to download and open them; doing so infects the victims' computers with Trojan horses or other dangerous threats. SecureWorks said the campaign started on October 23, with most attachments named BILL.pdf or INVOICE.pdf.

"The exploit downloads executes a first-stage downloader EXE file from an RBN (Russian Business Network) server via anonymous FTP and executes it. That downloader installs a variant of the Gozi Trojan which steals data as described in the Threat Analysis posted on the SecureWorks website," SecureWorks mentioned in a security alert published a few days ago.

F-Secure says that most messages are related to financial matters and can have the following subjects: 'Your credit report', 'Your credit points', 'Your balance report', 'Personal Credit Points', 'Balance Report' or 'Your Credit file'.

"A malicious PDF file called report.pdf, debt.2007.pdf, overdraft.2007.10.26.pdf, or similar, has been massively spammed through e-mail. The PDF is spiced with exploit CVE-2007-5020 that downloads ms32.exe, which in turn downloads more components," F-Secure added on its official blog.

The only way to avoid these dangerous spam messages is to keep your antivirus software and spam filters up to date. You can also mark the emails as spam without clicking on them, and avoid downloading attachments from messages that reach your inbox from unknown or untrusted sources.