Application security

Use of ‘image spam’ skyrocketing

If you thought spam was on its way out, think again. A new technique that allows spammers to craftily wrap messages in an image file so they go undetected by filters is skyrocketing in prevalence, a new study shows.

The study, released today by anti-spam vendor IronPort, reveals that image-based spam has grown from less than 1 percent of all spam in June 2005 to more than 12 percent now. The study was conducted using SenderBase data, which comprises roughly 25 percent of the world’s email traffic and data.

Craig Sprosts, senior product manager at IronPort, said the amount of junk mail began leveling off in 2005, but this year it has jumped by 40 percent.

"Spammers have found more techniques for getting past the spam filters," he said. "Therefore, it’s become more profitable to them."

Image spam is largely to blame, Sprosts said. In the past, spam included text, sometimes in HTML coding, and a URL link. Filters could easily sniff out words and patterns, such as "offer" or "free," that typically are associated with junk mail.

But with the new technique, spammers use tools to place content and links inside an image, which is not flagged by traditional filters.

"Filters don’t go inside the image," Sprosts said.

And for those filters that adjust and take a signature of a malicious image, spammers can "randomize" the image to avoid detection the next time, he said. This includes placing dots in random spots or changing the image border to a different color or size.

"To a filter, they look like entirely unique messages," he said.

As a fix, Sprosts suggested organizations deploy an anti-spam solution that "goes beyond content filtering and signature analysis" by interpreting the image content and searching for patterns indicative of spam.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.