I have been getting lots of emails lately that have most of the time no text whatsoever but a pdf attachment with titles such as report.pdf, article.pdf or bill.pdf. Those are real pdf files and if you open them you see that they contain - you guessed it already did not you - spam.
To be more precise than that: they contain spam about shares and claim that if you buy them you will receive highest returns. The pdf contains between three and four pages normally and only the first page is about the subject that they want you to react on.
The other pages contain random sentences put together to irritate anti-spam software and tools, and make the pdf look like a new message all the time and not the same. If we put all of this together we see a new type of spam that consists of the following:
Here is a little trick on how to make Thunderbird's spam filter recognize the pdf spam and move it right into a special folder:
If you analyze the header of the pdf spam emails you see that most use the User-Agent Thunderbird 184.108.40.206. We will now create a new message filter to move pdf files directly into a newly created folder if the User-Agent is Thunderbird 220.127.116.11.
This message will move all messages that have the User-Agent Thunderbird 18.104.22.168 and a pdf attachment to a folder named spam.
This method is working fine at the moment but will stop working as soon as the spammer is changing the User-Agent of his client.
The following method is also using message filters but works without adding the User-Agent variable which makes it a more general method to fight pdf spam.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.