I'm checking our statistics on the amount of pdf spam we're seeing, and after Aug 20 (last week) it seems to have disappeared.
It hasn't disappeared entirely, of course. But my spam rules that targeted this stuff have gone from a couple million hits per day to a few tens of thousands of hits per day. There is a very clear delineation at Aug 20. So, there are a few possibilities:
This is a little weird because we are seeing as much mail as we have ever seen on our network, but my pdf rules have tailed off.
I personally have seen the PDF spam drop off, now it's the YouTube LMAO phishing scam that I've been getting at a rate of about 10 per day.
hi Terry --
I haven't really looked into it, but I would guess that the high volumes of PDF were from the Storm botnet; it appears to have switched to sending that YouTube spam with links to its malware, possibly to "seed" more nodes.
In our (SpamAssassin's) spamtraps, Storm output is very heavy these days.
I'd have thought that no one would even open a PDF spam except to check whether to send a copy to the SEC. I thought this would be one of the few cases where spammers would get a net negative result from their activities and that would be why they stopped.
May be because they switched to a different file format. I saw a few .xls come in after this date.