Application security

No slowing growth of image spam in 2006

The use of image spam continues to grow, now accounting for as much as two-thirds of all spam, security researchers said this week.

Researchers from McAfee's Avert Labs said that by the end of 2006, image spam accounted for 65 percent of all spam. At the beginning of last year, the technique only accounted for 30 percent of all spam email, researcher Nick Kelly said on the Avert Labs blog.

"With a 100-percent increase in image spam, which is typically three to four times the size of text-based spam, there must have been a lot of extra junk clogging up the tubes of the internet last year," he said.

While image spam generally has the same aim as traditional spam - promoting pharmaceuticals, fake degrees, counterfeit software, loans, pump-and-dump scams, mortgages and pornography - it's using evolving methods to avoid detection.

Recent image spam is increasingly using animated GIF files and multi-layer image files to hide messages, as well as older techniques such as random background noise in the image file, image file names, subject lines and hash-buster message bodies.

Craig Schmugar, threat research engineer at McAfee Avert Labs, told SCMagazine.com that the increase in image spam has led to a spike in botnets.

"What works has been the use of compromised computers - spambots - and botnet computers used to relay the message," he said. "So there's a parallel increase in the number of bot computers and bot spam."

Message security vendor IronPort Systems, to be acquired by Cisco, reported this week that despite spam volumes dropping 14 percent from December to January, image spam levels rose and now account for one-third of all spam.

David Mayer, product manager for security applications at IronPort, told SCMagazine.com today that he expects to see continued innovation in image spam.

"In October 2005, (the percentage of image spam versus all spam) was five percent, and now you're looking at 33 percent in January of 2007 - so you're looking at a six-time increase," he said. "People stick with what works, and a higher percentage of image spam is evading traditional filters, so they're going to put the wood behind that. We think there is going to be a lot more innovation around image spam."

While their numbers have varied, messaging security vendors reported an increase in image spam during 2006.

Click here to email Online Editor Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.