
Image Spam: The Latest Attack on the Enterprise Inbox

By: Secure Computing
Published: Nov 20, 2006
Length: 6
Type: White Paper
 
Overview:

Spammers have long attempted to bypass anti-spam software by incorporating their sales pitch into an image, rather than sending it as plain text. When they first adopted this practice, they were able to evade simple content recognition tools. As image spamming grew in popularity, anti-spam vendors developed signatures designed to detect specific image spam messages. In doing so, the anti-spam software was able to reference these signatures and reject identical or nearly identical messages.

However, spammers have now fired a new barrage of image spam using randomized images that appear identical to the human eye, yet appear to be entirely unique to most anti-spam software. Many of the changes to the images contained within spam messages are so subtle that they require a pixel-by-pixel examination of the image in order to detect the differences.

Read how Secure Computing effectively addresses this problem.

In just the past three months, the level of image spam seen by Secure Computing Research has increased by nearly 200 percent. This sudden spike in image spam volume can be attributed to the fact that the majority of anti-spam software is unable to detect this new method, making it more appealing and profitable to spammers. Traditional techniques used for detecting and blocking spam have been unable to provide equal effectiveness when dealing with the new image spamming methods.

Types of image spam

The following sections contain actual image spam messages identified by Secure Computing, and an examination of some of the techniques used by spammers in order to fool anti-spam software.

Sliced images

Very often, image spam messages are not composed of a single image, but of multiple images pieced together to appear as one. The red lines above indicate "cuts" in the image, similar to the creation of a jigsaw puzzle. This technique is effective against many anti-spam solutions because it bypasses the signature files that have been designed to detect individual images. Spammers send out multiple versions of the same message by slicing it randomly and then reassembling it within the email.

Individual pixel modification

Here we see the same image spam message as in the Sliced Image example, but in this case, the spammer has changed individual pixels within the image that would otherwise likely go unnoticed by the reader. As a result, each separate iteration of this image will appear completely unique to most anti-spam software. By using individual pixel modification, spammers can create virtually unlimited versions of the exact same message and fool anti-spam software into identifying each as different from the last.
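An added example (not taken from the white paper and not Secure Computing's method) showing why a byte-exact signature misses a pixel-modified copy while a similarity hash still matches it. The 32x32 image, the average-hash technique and all function names are assumptions chosen for illustration; an average hash would not survive the color and font changes described in the next section.

```python
import hashlib

W = H = 32  # constructed 32x32 grayscale image, one byte per pixel

def make_image(bar_rows=(6, 7, 14, 15, 22, 23)):
    """Constructed sample: light background with dark bars standing in for text."""
    img = [[230] * W for _ in range(H)]
    for y in bar_rows:
        for x in range(4, 28):
            img[y][x] = 20
    return img

def perturb(img, n_pixels=12):
    """Copy the image and brighten a few scattered pixels by an invisible amount."""
    out = [row[:] for row in img]
    for i in range(n_pixels):
        x, y = (7 * i + 3) % W, (11 * i + 5) % H   # fixed scatter, reproducible
        out[y][x] = min(255, out[y][x] + 3)
    return out

def exact_signature(img):
    """Byte-exact signature: a single changed pixel yields a different digest."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, grid=8):
    """64-bit similarity hash: average each block, then threshold at the mean."""
    step = W // grid
    cells = []
    for gy in range(grid):
        for gx in range(grid):
            block = [img[y][x]
                     for y in range(gy * step, (gy + 1) * step)
                     for x in range(gx * step, (gx + 1) * step)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    return sum(1 << i for i, c in enumerate(cells) if c > mean)

def hamming(a, b):
    """Number of differing bits between two hashes (0 means identical layout)."""
    return bin(a ^ b).count("1")

if __name__ == "__main__":
    base, variant = make_image(), perturb(make_image())
    print("exact match:", exact_signature(base) == exact_signature(variant))
    print("hash distance:", hamming(average_hash(base), average_hash(variant)))
```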

Color and font modification

While the wording in this image is the same as in the two previous examples, the spammer has now modified the background and font colors, and changed the font style. Although the substance of the message has not changed, the image is again completely different from any iterations previously seen by the anti-spam software that encounters it. Spammers have unlimited flexibility in the number of colors used, and the font style changes result in new pixel locations, further modifying the image's properties and distancing it from any signatures that may have been developed using previous versions of the graphic.

Multi-frame animated images

Figure 4 represents the latest modification to image spam messages. This method is completely unique because, instead of sending a single image containing the message, the spammer has created an animated .gif file with multiple frames. The image shown above consisted of four separate frames: two apparently "blank" frames containing nothing but the random lines and colored pixels shown on the left side, and two "text" frames containing the verbiage superimposed over the lines and pixels. The four frames rotate at a rate so fast that the human eye is unable to detect the animation and sees only a single image.
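An added example (not part of the white paper or of any Secure Computing product) of a filter-side check for the animated case: it walks the GIF block structure, counts frames and reads each frame's delay from its Graphic Control Extension. The sample file is constructed in code with dummy pixel data, and the function names and the 5/100 s threshold are assumptions.

```python
import struct

def skip_sub_blocks(data, pos):
    """Advance past a chain of length-prefixed sub-blocks ending in a 0 byte."""
    while data[pos] != 0:
        pos += data[pos] + 1
    return pos + 1

def gif_frame_delays(data):
    """Return one delay value (in 1/100 s) per image frame in the GIF."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13                                  # header + logical screen descriptor
    if data[10] & 0x80:                       # global color table present
        pos += 3 * (2 << (data[10] & 7))
    delays, pending = [], 0
    while pos < len(data) and data[pos] != 0x3B:      # 0x3B = trailer
        if data[pos] == 0x21:                         # extension block
            if data[pos + 1] == 0xF9 and data[pos + 2] == 4:
                pending = struct.unpack_from("<H", data, pos + 4)[0]
            pos = skip_sub_blocks(data, pos + 2)
        elif data[pos] == 0x2C:                       # image descriptor = one frame
            flags = data[pos + 9]
            pos += 10
            if flags & 0x80:                          # local color table present
                pos += 3 * (2 << (flags & 7))
            pos = skip_sub_blocks(data, pos + 1)      # +1 skips LZW code size byte
            delays.append(pending)
            pending = 0
        else:
            raise ValueError("unexpected block type")
    return delays

def is_fast_multiframe(data, max_delay_cs=5):
    """Heuristic (assumed threshold): several frames, all cycling very quickly."""
    try:
        delays = gif_frame_delays(data)
    except (ValueError, IndexError, struct.error):    # malformed or truncated file
        return False
    return len(delays) > 1 and all(d <= max_delay_cs for d in delays)

def build_sample_gif(n_frames, delay_cs):
    """Constructed sample: valid GIF container layout, dummy 1x1 pixel data."""
    out = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0)
    for _ in range(n_frames):
        out += b"\x21\xF9\x04\x00" + struct.pack("<H", delay_cs) + b"\x00\x00"
        out += b"\x2C" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)
        out += b"\x02\x02\x44\x01\x00"    # code size, one 2-byte sub-block, end
    return out + b"\x3B"
```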

Hand-written images

Again, the message in Figure 5 is nearly identical to the previous examples, though the appearance is decidedly different. This time, the hand-written font is used to obfuscate that fact from text recognition tools. Because the handwriting is not similar to any TrueType fonts or other recognizable character sets, the spammer is able to easily bypass tools such as Optical Character Recognition (OCR).

OCR: why doesn't it stop image spam?

Faced with increasing frustration from customers inundated by image spam, many vendors have turned to old technology to combat a new problem. Optical Character Recognition (OCR) is a technique that attempts to translate images with characters (such as image spam) into text that can be "read" by software. OCR is, in theory, a solid concept; however, it is slow, processor-intensive and relatively easy to fool.

Resource depletion

Reliance on OCR as a method of detecting image spam is untenable due to multiple hardware limitations. Because OCR must open each image and compare it to multiple sets of known characters, it necessitates heavy processor loads and causes unacceptable delays in message throughput.