Application security

Image spam levels fluctuating, say vendors

The most recent monthly spam report from Symantec saw a decrease in image spam — a technique using embedded images to bypass phishing filters — that had been growing in popularity this year.

Image spam accounted for 27 percent of all captured April spam, a 10 percent drop from March, according to the report. Spam accounted for 65 percent of all email at the SMTP layer.

However, Doug Bowers, senior director of anti-abuse engineering at Symantec, told SCMagazine.com today that it’s far too early to write off image spam.

"Over the last month, we’ve seen [image spam] fluctuating by a wide variance. It did go down a little during the last period, but on the peak day it was still at 48 percent, so it’s a wide variance," he said. "I’m not convinced we’re seeing a significant decline just yet. I don’t think we have enough data to see if it’s a trend."

Symantec also reported a new 419 scam purporting to be from a U.S. serviceman who found $750 million in 2003, but was critically injured when revisiting the country recently on a humanitarian mission.

According to the scam emails, the soldier gave his share of $20 million to a British Royal Air Force pilot for safekeeping. The recipient is told to contact the pilot and instruct him to send 50 percent of that sum to charity and the other half to the recipient. The scam also asks for financial information, according to Symantec.

To add to the look of legitimacy, the email displays a link to what appears to be a CBS News story about the incident.

The scam is effective because its sender seems more trustworthy than those of other 419 scams, said researcher Kelly Conley on the Symantec Security Response blog.

"You are now being emailed by a soldier, an American soldier who wants to share his newfound wealth with you. Is this person really a stranger? He is an American, so it’s not like you’re sending money to the great unknown, right?" said Conley. "This one is much easier to fall for. It not only brings the promise of wealth, but also the thought of dealing with a fellow American, a trustworthy soldier no less, familiar even if you do not know him personally."

Researchers also spotted "corporate character assassination spam," which disparages a company’s services or products and provides a link for more information. Targets have included fast-food chains, according to Symantec.

Image spam, pretending to be up-to-the-minute stock news that uploads hosting solutions onto a victimized PC, was also noted in Big Yellow's monthly "State of Spam Report."

Recently captured image spam also contained subtle noise patterns within images, according to Symantec.

Meanwhile, Steve Fossen, manager of threat research at Fortinet, told SCMagazine.com today that his company’s researchers have seen an increase in image spam since last month, but levels are still low compared to earlier this year.

"We saw an increase compared to March, but it still seems below January or February," he said. "It hasn’t come back up yet."

Fossen said his firm noted in its most recent "State of Malware Today" report that bank phishing increased in April after a drop in March.

Fortinet has also captured image spam, using photos of Paris Hilton and Britney Spears, that links recipients to a pornography registration page. In addition, the company detected an increase in spam using malicious ZIP and RAR files to spread malware.

The captured image spam contained a few new twists, Fossen said.

"The interesting thing about it is that it has more things to try to fool spam filters, like putting comments from other sites into style tags or html comments to mask the image, he said. "The text is not visible to the user, but spam filters can be affected by it"

Click here to email Online Editor Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.