Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Image spam makes a comeback

Seems like it's 2007 again.

By Gregg Keizer, Computerworld (US) | Computerworld US | Published: 15:23, 07 May 2009

Spammers have turned back the clock and are recycling a years-old tactic by planting their messages in images, according to a security researcher.

Image spam, which hit a peak in late 2006 and early 2007, has made a comeback, said Holly Stewart, the threat response manager of IBM Internet Security System's X-Force team. After barely registering during most of 2008, image-based spam accounted for about 25 percent of all spam by the end of last month.

"They're doing the same kind of image-based spam as in 2006 and 2007," said Stewart. "It's very surprising."

It's surprising because spammers that rely on technological trickery rarely return to an older tactic once anti-spam vendors have figured out how to detect the junk mail. "But what they're doing now is exactly what they were doing before," added Stewart.

When spammers first started using images rather than text, they were successful at slipping their pitches through filters, which were designed only to parse text and look for such things as links. Their success led to an explosion in image-based spam, with spammers and security firms playing a cat-and-mouse game for months.

The only real difference this time around, Stewart said, is the sales pitch. "Most image spam was stock 'pump-and-dump,' but now the focus is on drugs and pills, something to make you feel better in hard times," said Stewart, who credited the change to the recession and the poor performance - and even harsher perception - of Wall Street.

Also odd, she continued, is that few of the messages included ready-to-click links. Instead, the images contain a URL that the user must laboriously type in manually.

Spammers conducted an image spam test run in March, according to X-Force's data, which showed a spike in the tactic from about 19 March to 9 April. The test was obviously successful, Stewart said, because after a short period when the tactic disappeared entirely, it roared back with a vengeance on 21 April.

"Actually, it's pretty incredible that this could be successful again," Stewart said, noting that most anti-spam filters should block the mail, unless the vendor, perhaps for performance reasons, had ditched them when image-based spam vanished last year.

The return of image spam could be the first resurrection of other once-popular tactics, she warned. "We may see others come back," Stewart said, and ticked off MP3 spam - mail that replaced text with an audio clip - and PDF-based spam. Both were popular in 2006 and 2007 for junk stock pushers.

Of the discarded tactics, Stewart selected PDF spam as the one most likely to reappear. "It was short-lived [before], but if I had to pick, I would point to the PDF vector," she said, noting that rigged PDFs exploiting Adobe bugs have been on a tear of late.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.