Spammers using images to evade detection
The amount of spam email using images has increased by a factor of 12 in the past year as spammers attempt to avoid detection, a new study has found.
Spammers are increasingly using images containing text and graphics rather than plain text to bypass filters that can analyse and trap many messages.
Text-based filters look for specific words in the email, such as ’Viagra’ and ’free’, to identify spam messages. By placing words inside image files, text filters are unable to detect the words.
The study, by security company IronPort Systems, found that image-based bulk mail had increased from one per cent of all spam in June 2005 to 12 per cent in June this year.
This adds up to five billion image-based spam messages being sent everyday, 78 per cent of which are not detected by traditional spam filters, the company claimed.
Spammers are also modifying each image before sending them so they are slightly different to fool spam filters looking for specific image files.
"With image-based spam techniques, spammers are using sophisticated methods of varying each image slightly with each spam attack. The changes are imperceptible to end-users and invisible to signature-based filters," said Tom Gillis, senior vice president of worldwide marketing at IronPort.
"It is similar to snowflakes in a blizzard; billions are sent but no two look exactly alike."
In an effort to avoid blacklists which block IP addresses known to send spam, spammers are also increasingly using ’zombie’ home computers that have been hijacked by rogue software and can be controlled remotely.
Eight out of 10 spam messages sent are from compromised machines, according to IronPort.
Carl Taylor, vnunet.com 29 Jun 2006