One of five image spam emails captured during July contained a scam PDF document, according to research released this week by email security vendor MessageLabs.

The company concluded that the technique has been adopted by professional spammers, due to the use of sophisticated techniques, such as attaching a unique randomised and non-text-based PDF to every spam email, as well as the use of random page sizes.

Paul Wood, senior analyst at MessageLabs, told today that researchers have noted a change in PDF image spam in recent months.

"I think that this has been an evolution that’s really kicked off over the past couple of months," he said. "The assumption is that the PDFs are legitimate files that people are sending around, and spammers don’t usually go to those lengths."

Research found that more than 28 per cent of July malware was new, a 10 per  cent increase in that category from June, and that nearly 90 per cent of web-based viruses and 62 per cent of spyware was unclassified. The organisation said that it identified and blocked nearly 1,000 new sites last month.

The global ratio of spam in email traffic, however, decreased by 1.4 per cent since June, while phishing attacks rose by 0.09 per cent.

Mark Sunner, MessageLabs’ chief security analyst, said that spammers may soon use the technique to spread malware.

"Though PDF files have traditionally been a trusted type of email attachment, we are beginning to see an increase in use for sinister activity," he said. "With a nearly 10 per cent increase in malware this month, we believe this threat could become more malicious with the potential for spammers to embed malware in the PDFs, which would be automatically downloaded to the victim’s computer."

The study reinforces other research claiming that spammers are increasingly switching from traditional image spam to junk emails containing attachments for pump-and-dump scams.  Commtouch’s lab disclosed this week that it has witnessed a spike in spam using ZIP files as attachments and spammers are also increasingly using Excel attachments, according to various messaging security vendors.