Security researchers first spotted PDF spam at the beginning of June, and by the end of the month it was making up three to four percent of all spam.
The levels had reached six to eight percent by July and occasionally hit rates close to 20 percent.
"If PDF spam evolves like image-based spam we have to prepare for the possibility that PDF spam could account for 20 per cent or more of all spam," said Ralf Iffert, a researcher at IBM's X-Force threat analysis service.
"In fact, we may see this kind of volume increase happen much faster than the two-year rise of image-based spam."
Image-based spam rose to prominence last year after filtering software became much better at recognising text spam using keyword filtering and heuristics. Image spam then moved swiftly to make up the majority of spam picked up by filters.
But most spam filters are unable to check the content of PDF documents, and the spammers are increasingly adopting the technique. As PDFs are also traditionally a business tool, many spam filters are automatically configured not to block them.
One of the first PDF-based spam campaigns involved a pump-and-dump stock scam picked up by Nick Kelly at McAfee's Avert security labs.
"We predicted the appearance of PDF-based spam because .pdf files can be more easily automated than other document formats," he said.
"As .gif-based image spam continues to decline, we expect that spammers will continue to try similar methods of sending image based spam."
Spammers use PDFs to beat filters
By Iain Thomson on Jul 24, 2007 10:28AM