Graphic spam: how to avoid spam filters using images


Graphic spam: how to avoid spam filters using images

According to the latest reports of the IT security companies Sophos and Symantec the amount of graphic spam is about 30-40% in the total amount of junk mail. The worst thing about it is that quite often such emails manage to squeeze through the filters, no matter how strong is the installed anti-spam solution. By graphic spam specialists mean two types of emails: messages containing only a picture or those containing both a picture and some text. The main problem for spam filters is advertisement messages containing only graphic files. This type of spam is getting more and more popular and becomes a real challenge for the companies producing anti-spam software.

The idea of graphic spam was introduced a long time ago but quite soon afterwards spam-filters became capable of detecting such messages and before 2007 graphic spam was not used very often. However recently spammers have found new ways to produce advertisement pictures that are very difficult to detect using known approaches. That gave a new start for using graphic spam and became a headache for users. The approaches currently used for detecting graphic spam are based on comparing attached files with so-called graphic signatures. In order to trick these technologies special programs are modifying initial files and make many slightly different pictures by changing colors, shifting borders, skewing several letters or replacing the background. So, when spam messages are sent there are no identical pictures in them, which makes spam detection substantially more complex.

Last summer there was some information in the media about a mysterious extra frame in animated pictures added by spammers to subconsciously influence readers. In fact, the main goal of introducing animated graphics was to get through spam-filters. Recently this type of graphic spam has been changing and the number of frames in animation has reached 20-30 pieces. Spammers are using multilayer pictures when letters and words are cut into parts, which are distributed between different frames, and only viewing the whole animated picture a reader can see the complete text of the advertisement.

One of the relatively new types of graphic spam is PDF-documents. Symantec specialists have already spotted several varieties of this type. In one case a PDF-file was simply a news message and the letter was made professionally so it didn't look suspicious at all. In another case, a similar letter was sent with an attached PDF-document that appeared to be graphic spam in the hope that the letter will not be detected by spam filters. Last summer, during 10 days between 17th and 27th of June, the letters of the latter type were sent to about 32 million users.

Apparently, spammers consider graphic type of spam as a promising technology, which opens many ways to avoid detection by anti-spam software, and will extensively develop it. This means that in the nearest future the amount of "spam in pictures" will be growing rapidly. However, the latest versions of anti-spam software are ready to meet the challenge and are already capable of detecting many types of graphic spam.

Read the other articles

About the Author: Mike Grunch, Tech Writer at LuxContinent.
Anti Spam for Outlook

Copyright ©
All rights reserved