PDF spam today is now barely registering on security vendors' spamometers, despite having accounted for almost a third of all spam just a few weeks ago.
Unwanted emails with PDF files attached - usually related to pump-and-dump stock scams - comprise less than 1 percent of spam today, according to Sophos.
PDF spam began hitting high volume levels in early summer, the highest of which occurred in August when a stock scam exploded across the internet, touting a company called Prime Time Group. The attached PDF looked like a financial newsletter advising the purchase of the stock. That spam blast, which some security vendors said at the time was the largest in spam history, lasted for the better part of a week.
There could be a number of reasons why PDF spam has all but disappeared, said Ron O'Brien, Sophos senior security analyst. Since the actual message is attached to, not embedded in, the email, recipients may find it too time consuming or cumbersome to open, he said.
"A malicious embedded link, on the other hand, is quick and easy to access and would probably have a higher likelihood of luring people to open" it, he said.
The idea that PDF spam is too complex would explain why a few good old-fashioned spam messages appeared in some in-boxes this morning, simply stating the recipient should purchase a cheap stock before it gets snapped up. No attachments, not even a link to a web site, just some persuasive text.
While spammers may be looking for new ways to get their message across, Sophos' O'Brien warned that email users should beware of a false sense of security.
"Although PDF spam is showing a decrease currently, there's no reason to believe that it will not strike again," he said.