PDF = Potential Death File?
Obviously a plugin upgrade would be nice, but what about between then and now? I’d be happy if we could get a fix out quickly for web masters to apply to their sites but since the part of the url after the hash is never sent the server (which in this case is what holds the malicous code) any server side solution is pretty much impossible.
Oh what a fun start to the new year eh? On a more light hearted note, first person to see a SPAM email using this technique wins a virtual cookie from me.