A recent spam campaign caught our attention using “snowshoe” spam techniques combined with PDF exploitation. Snowshoe spam can be a challenge for some anti-spam detection techniques because it typically uses multiple IP addresses with very low spam volume per IP address. In this particular spam campaign, the messages themselves appear suspicious due to the spam-like characteristics in the headers and body of the message. A quick analysis using AMP immediately flags the PDF as a Trojan exploiting CVE-2013-2729, an integer overflow vulnerability found in Adobe Reader version 9, 10x and 11x.”]
Source: https://blog.talosintelligence.com/2014/08/snowshoe-spam-attack-comes-and-goes-in.html