By Brian Robinson on May 2nd, 2007
Here’s a scary thought: After a year of combating the rise of image spam, anti-spam developers will have to start all over again. That’s if a report from Secure Computing Corp. about a new form of the popular spam format proves to be as much of a problem as the company claims it is.
Instead of embedding images within an email, says Dmitri Alperovich, chief research scientist at Secure Computing’s TrustedSource Labs, spammers are now simply sending emails to people and linking to an image or photo on popular Web hosting sites such as ImageShack .
That negates the efforts of anti-spam developers to produce solutions that can get inside of the image and extract its text.
The new spam technique also dramatically increases the volume that spammers can produce, according to Alperovich, since they don’t have to generate the image each time they send a message. All they have to do now is attach a static piece of text to an email. “The filters that people have now won’t be able to pick up this kind of spam.” he said.
Image spam first began to get noticed in 2005, though in small volumes to begin with. It was only on closer inspection that messages, that at first looked like regular text-based email, complete with hyperlinks, were actually seen to be images.
That meant they could get around all defenses that were in place at the time. Filters couldn’t recognize the source, and there were no keywords to inspect because there was no text for the filters to detect. Add to this the fact that image spam is 2 or 3 times larger than the equivalent text-based email spam, and the problem it poses for network bandwidth is significant.
By the middle of last year, image spam comprised anywhere up to 15 percent of the total amount of spam on the Internet. Now, Alperovitch said, it’s probably around 30 percent of the total. However, he said, that figure had begun stabilizing as developers began to catch up with spam techniques, though it took them many months to do so. Now they’ll have to start over again, and it’s unclear what they can do about this new technique.
One defense Alperovich did suggest is – naturally – Secure Computing’s own “reputation” system, which continuously trawls the Internet and assigns a credit score to sources of traffic so that users can block that from known or suspected sources of spam.
That way, Alperovich said, users don’t have to deal with the tricks of the spammers because they aren’t even playing the game.
This article is ridiculous. Image spam has been around for ages, and most of the old image spam was of this type--an image hosted on some other server. This is precisely why anyone with sense blocks HTML e-mails, especially remote images in HTML, as they can be used to track you. This is like an article from 1997.
Posted by: Futureboy, 23:45:30 on 2007-06-08