Here comes image spam

Image spam--e-mail solicitations that use graphical images of text--is not new. But its rising sophistication has made much of it invisible to spam filters so that it makes up one-third of all spam, according to Doug Bowers, director of antiabuse engineering at Symantec. E-mail traffic--83 percent of which was spam--rose in 2006, according to antispam company BorderWare, and researchers there expect image spam to grow.

The conceit of image spam is that people see things that computers can't. To fool a spam filter, you put text that humans understand in an image format; the computer sees a code, not letters and numbers.

Some spam filters try to recognize letters inside pictures using optical character recognition (OCR) technology. OCR was originally developed so that documents that were scanned into computers as images could be converted to text by matching the unique geometry of fonts to a dictionary of those geometrics. This bold A has a certain shape that an OCR engine can identify.

But the spammers outsmart OCR. They use unusual fonts or put noise in the picture (added color, gaps in letters that the eye overcomes and speckles of color on the page) so that the OCR engine doesn't see letters. The latest image spam uses tactics like word salads (nonsensical quotes from literature) as well as animated and layered GIF images that divide a message into several images layered on top of each other. Some have even gone old-school and removed links to click on and instead instruct users to type a link into their browser, since many filters refer to blacklists of known malicious links.

What's more, the image spam problem is getting mashed up with botnets. Bots distribute most spam, but the botnets are also being programmed to take one spam message and alter the image (by changing the size, shape, colors and other attributes) so that it's still readable but looks different to the filters that weed out identical e-mails.

Worst of all, says Andrew Graydon, CTO of BorderWare, image spam files are twice the size of previous spam messages, a network bandwidth and storage headache for companies required to store every received e-mail.

For years now, spam and spam filtering have waged a back-and-forth battle. Spam beats filters, filters improve. Repeat. Image spam is proving harder to filter because computers simply aren't that good at understanding what's in an image.

Some companies have started to update their spam filter engines to try to better control image spam, but companies should have no illusions about such reactive measures controlling the problem. New fronts in the fight--new spam delivery methods, like Google alert feeds and audio and video formats--are ahead.

Page Break

What to Do

(1) Invest in technology. Vendors are working to improve image spam filtering. It costs money for software and infrastructure, and your choices may be limited.

(2) Take draconian measures with e-mail policy. Consider blocking all attachments, for example. While your organization could take a productivity hit, it will reduce image spam's ability to reach you.

(3) Lobby for antispam policies in government and industry. Urge the government, ISPs and standards bodies to employ techniques, such as e-mail postage, that will reduce spam. The effort takes time and energy, but it attacks the problem at its core.


Copyright © 2007 IDG Communications, Inc.

The 10 most powerful cybersecurity companies