Junk emailers get the picture with image spam

21 Aug 2006

Spam that uses text embedded in images to fool security filters has seen a massive rise recently and now accounts for close to 25pc of all unsolicited email, Barracuda Networks has claimed.

The security provider, which manufactures devices for protecting businesses against spam, spyware and similar threats, has said that spam creators have started writing messages in image files to avoid being detected by scoring systems that check against the content of the text — a technique used by many traditional anti-spam products.

“Spammers are forever trying to be one jump ahead; the majority of anti-spam protection is based around textual spam so in order to get around that they’ve resorted to putting text in images or sending just images,” said Paul Thackeray, managing director of Barracuda Networks UK & Ireland.

The images tend to be embedded in the message rather than appearing as attachments. “[Spam] filters don’t see it as text; they ignore it,” added Thackeray. The problem was first identified late last year but he said that incidents of image spam had “shot up” over the past four or five months. Now, Barracuda estimates that a quarter of all junk email is now image spam.

A new firmware download for Barracuda’s spam filter product uses optical character-recognition (OCR) to scan the image and identify words that have been included and it attaches a score to the email based on the probability that it could be spam. “We look at it as an image and as text as well, even though it’s not a text document,” said Thackeray.

The new release also has a fingerprint analysis feature that scans spam messages caught in Barracuda’s worldwide network of ‘honeypots’ and data-gathering tools. This breaks images down into components, assigning unique identifiers to each portion so they can be easily recognised.

The software then checks incoming messages against a database of image-based spam fingerprints and flags those that match. Users can then decide to block, tag or quarantine suspicious emails.

Thackeray said that the system can track whether an image is genuine or not. He said there was no risk that legitimate messages with attachments such as .JPG pictures would be mistakenly labelled as spam. “We haven’t had any false positive problems,” he told siliconrepublic.com. “We do a lot more intelligent analysis than just looking at the image format.”

By Gordon Smith