Image-based Spam on the Rise

Have you noticed more spam in your inbox lately? You’re not alone.

Among the lead culprits in the spam overflow is a new take on an old technique called image-based spam. By definition, image-based spam contains its unwanted content inside of graphics, making it difficult for some spam filters to identify.

According to a new study from e-mail security vendor IronPort, image-based spam in June of 2006 represents 12 percent of all spam, up from only 1 percent in June of 2005.

Security firm CipherTrust reports an even higher percentage of image-based spam at 15 percent.

“While using images in spam is not a new concept, changing the image in real-time in each delivered spam message is a relatively new capability that the spammers have been able to acquire,” Dmitri Alperovitch, research
scientist with CipherTrust told

“This is due to the development and release of the new high-performance software marketed in the underground markets that is able to randomize images in a very high-performance fashion and allow spammers to send millions of them every

Each of those messages may well appear to be unique to the spam filters, which makes identification particularly challenging. Craig Sprosts, senior product manager at IronPort, noted that with the tool each spam message is as unique as a snowflake.

An increase in the number botnots and their associated zombies is also helping to drive increasing volumes of unwanted content into inboxes. Botnets are made up of armies of compromised zombie machines that are controlled by a malicious host that has infected them in some way.

IronPort’s data suggest that more than 80 percent of spam is sent via a zombie. That percentage is likely to be fueled by the increasing number of new zombies as well.

CipherTrust’s data reveals that in May, there were nearly 300,000 new zombies each day.

The increase in zombies and image-based spam is also leading to an increase in the overall total amount of spam. IronPort’s analysis notes that between April 2006 and June 2006 spam volumes grew by 40 percent. The new growth in spam turns the table on what had been spam volumes that were beginning to level off in 2005.

If current trends continue, it may well get worse before it gets better.

“I would say that a year ago many people were thinking that we had turned the corner and I think that this new data is indicative that we still have a ways to go until we actually do turn the corner,” IronPort’s Sprosts said. “I think we will see a spike and an increase over the next 3-9 months until new technologies are deployed that can detect the new forms of spam.”

News Around the Web