Image Spam: By the Numbers

Ransom notes, pixel salad and GIF layering: How image spam dodges your email filters

By Scott Berinato

Page 2

5. Speckling/Pixel Salad

Confetti-like speckles donâ¬"t affect the legibility of the necessary information but make every message unique to confuse a filter looking for patterns or high volumes of identical images.

Similarly, a bar of randomly generated color pixels can contain the vast majority of the image data. To a filter itâ¬"s full of patternless noise. We can see the words in the message while the image at the bottom doesnâ¬"t bother us.

6. Hyperlink Elimination/Word Salad/Animated GIF

Filters have improved their ability to find and trace spammy URLs and then block the message based on the inclusion of a bad link. To get around this, spammers will ask recipients to type the URL into their browsers.

Other methods include word salads, text passages, often taken from classic novels, to confuse Bayesian filters and weighted dictionaries that rely on complex math or word scoring to determine the probability that some combination of words is spam. The filter sees predominantly natural text it canâ¬"t flag as illegitimate.

Another technique used to bypass filters consists of programming a GIF to slowly overlay its layers to create an animated GIF, similar to GIF layering. Here, with www.dvarx.com, each letter is a GIF layer. As they are stacked, it looks to the eye like someone typing in the letters into the address bar.