Same Spam, Different Image

Spam, or unsolicited e-mail, is an old Internet nemesis, but spammers have come up with a new twist, and it’s causing corporate and individual users alike e-heartburn. It’s called “image spam,” and it’s waiting in an in-box near you.

Image spam contains little ordinary text to analyze. Instead, it uses the .gif or .jpeg image file formats — hence its nomenclature.

The image itself contains the spam message in the form of text and graphics. In appearance, it is similar to an HTML e-mail, but the image format makes it difficult for a machine to easily recognize the text.

This advanced spamming technique reached a new high of 25 percent of total spam volume in October, compared to 4.8 percent a year ago, according to IronPort Systems. That’s an increase of 421 percent — and it’s causing major problems as these messages tend to pass through first- and second-generation spam filters undetected.

Spam by the Numbers

Image spam is only part of the overall problem, albeit a new and growing part. To understand spam’s impact, you have to look at the big picture. A quick review of the numbers may leave your jaw hanging open. Spam has increased more than 100 percent since October 2005, and worldwide spam volumes are now estimated at 63 billion messages each day, according to IronPort.

For a short-term perspective, consider that from April 2006 to June 2006 — just two months — spam volumes surged 40 percent worldwide. From June 2006 to Oct 2006 — just another four months — spam volumes surged another 23 percent, from an average of 51 billion messages per day to 63 billion messages per day, IronPort revealed.

“Spam is taking a toll like never before on mail systems,” Craig Sprosts, a senior product manager at IronPort, told the E-Commerce Times. “The mail infrastructure can no longer process the bits fast enough, and it starts delaying mail delivery. We’ve seen a number of vendors in the industry delay mail by up to 24 hours due to this problem — or accidentally [delete] legitimate e-mail in an aggressive stance against image spam.”

Understanding Image Spam

Thus, the fundamental spam problem is not merely the increasing volume of spam itself, but the increase of spam that contains messages that are much larger in size — up to five to 10 times larger. Image spam is wreaking havoc on e-mail systems and ISPs (Internet service providers) large and small.

“Spam filters are looking for words like ‘Viagra’ in the message itself. The filters assign a weight to those characteristics in the message to determine whether or not it’s spam,” Sprosts explained. “If those words are part of an image, it’s very difficult to find those characteristics. The filter is trying to read something in a language it doesn’t understand.”

Senders of image-based spam use sophisticated techniques to vary each image in a spam attack just slightly. These changes are imperceptible to end users and invisible to signature-based filters. It is similar to snowflakes in a blizzard — billions are sent, but no two look exactly alike. Therefore, spam filters let them go by.

Botnets to Blame

You can’t look at the spam problem without looking at the root of the spam proliferation issue: botnets, networks of compromised personal computers that are unknowingly turned into spam servers. Trojan programs such as Warezov and SpamThru are likely contributing to the rise in spam, according to MessageLabs.

Cybercriminals unleash these Trojans on unsuspecting and innocent computer users, often through spam. This malware gives them remote access to the victim’s computer and lets them send out huge quantities of spam from the machine. The end user never knows.

Botnets also have the ability to retrieve information such as cracked usernames, passwords, credit card numbers and other personal data stored in the Web browser’s auto-fill database. MessageLabs analysts reported an increased number of bad guys renting thousands of bots for just US$50 to $60 a week, with the option of trading payment for stolen credit card numbers.

“SpamThru Trojans can learn about other bots and create peer-to-peer communities, much the same way file-sharing networks operate,” Paul Wood, a senior analyst at MessageLabs, told the E-Commerce Times. “Once a cybercriminal gets a bot on one computer, that computer becomes a new channel and will contact many other bots to let them know where they are. Then the bot network can access that computer and send out even more spam.”

Feeling the Pain

John Levine, president of the consulting firm Taughannock Networks and co-chair of the Internet Research Task Force’s anti-spam research group, is feeling the pain of doubling spam volumes in his in-box. He reports seeing thousands of spam messages a day that are deterred in his filters. Many more make it to his in-box.

“Every hour I spend maintaining my spam filters is an hour I’m not working on something useful,” Levine noted. “It’s also costing the ISPs. When you pay twenty dollars a month for service, two or three dollars of that goes to fight spam.”

Spam is taking its toll on individuals and consumers alike. A study released last year by the University of Maryland’s Robert H. Smith School of Business reported that on average, a computer user spent three minutes a day deleting spam e-mail. That amounted to a total of 22.9 million hours per week for users overall. That time translated to a loss of productivity and a financial loss of valued around US$21.58 billion per year.

Now that spam has doubled, that number has likely surged much higher.

Minimizing the Damage

Spam doesn’t appear to be going away anytime soon. Spam filters abound from ISPs and even at the Web host level, but, as Levine mentioned, keeping up with white lists and blacklists is time consuming and not 100 percent effective.

Some spam gets through anyway, and some legitimate e-mail gets stuck in the filter, leaving both senders and receivers frustrated.

Dealing with spam is becoming a competitive differentiator for ISPs — beyond using spam filters, security experts suggest filing complaints to combat spam.

Consumers can also use “junk” e-mail addresses that are separate from their primary address when signing up for memberships, subscriptions or other Internet activities that require an e-mail address.

Finally, don’t open spam, and don’t use auto responders because they reply to spam.

“Many times, spammers are just guessing at e-mail addresses,” IronPort noted. “They aren’t sure, so when you open the message, there could be Web bugs inside that communicate back to the sender that they have reached a valid address — so they send more spam. Delete anything that appears to be spam, and report it to your ISP.”