PDF rise and fall
What happened? In June and August PDF spam was attributed to over 20% of all email on the Internet. As of September 1 that number had dropped to less than 1%. Why?
Spam tactic didn't work
Does this mean spam engines have figured out how to block the messages? No. Most spam filters were still not filtering PDF spam as of September 1 very effectively.
Did any of you notice that Outlook does not auto preview PDF's? This means that people started deleting every PDF attached email that didn't include something they knew they needed to handle. And since no one was auto previewing the silly pump and dump scams they were not being profitable for the spammers. Spammers test new theories all the time, when they don't work they drop them like a hot rock and move on. If only normal companies were that smart.
Spammers are more organized that people think
I honestly feel that spammers are more organized that people give them credit for being. There is no way a group of 100's could have all decided at the same time the tactic was not working and dropped it. There is no way to get a few hundred people to agree on anything, let alone to replace all their spam sending software. Makes you wonder where the money is flowing. Who is supplying these companies with their spamming tools? The root providers of this spam sending software must have announced they no longer recommend PDF spam, and their customers all followed their advice.
Is it gone forever?
Don't fool yourself. Spammers will recalibrate and retool. They will continue to look for new ways to get their message in front of users. Outlook is still by far their #1 target. They will continue to look for ways to get around the built in Outlook junk email filter, and for ways to ensure that their messages is auto previewed.
I personally think the next wave will include docx (The new Word 2007 format), xps (the Microsoft alternative to PDF), and other Microsoft specific extentions that many third party companies are ignoring right now. A lot of email virus scanners to not even recognize the XPS format or scan it. There are no known exploits (yet), but I am sure somewhere a group of people is trying to find one.
Until users stop buying and trafficing sites and products that advertise through spam it will continue to be profitable for spammers to send their messages. With the 2007 holiday season right around the corner I expect some new type of attack for the spammers to make their XMas bonus plan profitable. I hope I am wrong.