Application security

Image spammers change tactics

Although numerous security vendors have testified to a decrease in image spam in recent months, that hasn't stopped spammers from tweaking their methodologies.

In recent weeks, spammers have taken advantage of online photo-hosting services, such as Imageshack and Flickr, to host their images in a technique researchers at MX Logic said this week that they don’t expect to last long.

"It’s one of those things that’s pretty easy to block based on linked images in email messages, and the providers are usually pretty quick in taking down images of this nature, or things that are pornographic or illegal," said Sam Masiello, director of the Threat Management Team at MX Logic.

Spammers have also used the image’s location as a background attribute to an email’s body tag within the message’s HTML code – a technique that’s a variation of the original image spam method of attaching an image to a message, but using an external image host.

"The more common tactic would be to set up servers themselves, or use compromised servers to host the image," Masiello said.

Researchers have reported varying statistics on image spam in recent months.

MessageLabs announced earlier this month that image spam levels held steady at 15 to 20 percent of all junk mail.

Paul Wood, senior analyst at MessageLabs, said at the time that image spam is difficult to accurately measure because in increases sharply over short periods of time.

A report on email-borne threats from Symantec showed a 10-percent drop in image spam from March to April, when it accounted for 27 percent of all spam.

McAfee last month reported a drastic drop in image spam levels, with researcher Nick Kelly posting on the McAfee Avert Labs Blog that emails using the technique plummeted from 59 percent of all spam at the start of April to 12 percent at the end.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.