Researchers monitoring a botnet have discovered a new type of
image spam sneaking past corporate spam-blocking
systems and clogging many inboxes.
Rather than attaching an image within an email, spammers are
using an image hosting site to link directly to the image,
significantly optimizing their volumes, said Dmitri Alperovitch,
chief research scientist at Secure Computing's TrustedSource Labs.
The spam message that lands in the users' inboxes looks just like
the image spam that people have been accustomed to seeing, but
instead of the image being attached to the email, it is linked from
the ImageShack website, Alperovitch said.
"Because they're linking from an image hosting site, they're
conducting a much more professional looking campaign and it's
flooding into people's inboxes," Alperovitch said.
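The following added example, which is not from the article or from Secure Computing, shows how a mail filter could tell the two delivery styles apart: an image carried as a MIME part versus an HTML body that is little more than an <img> pointing at an image host. The watchlist, the 40-character text threshold and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed watchlist of image-hosting domains; the article names only ImageShack.
IMAGE_HOSTS = {"imageshack.us"}

class BodyScan(HTMLParser):
    """Collect remote <img> URLs and visible text from one message body."""
    def __init__(self):
        super().__init__()
        self.remote_imgs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and urlparse(src).scheme in ("http", "https"):
            self.remote_imgs.append(src)
    def handle_data(self, data):
        self.text.append(data)

def on_watchlist(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in IMAGE_HOSTS)

def classify(raw, max_text_chars=40):
    """Label a raw message 'attached-image', 'hosted-image' or 'other'."""
    attached, hosted, text_len = 0, [], 0
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "image":
            attached += 1          # classic image spam: picture travels in the mail
        elif part.get_content_maintype() == "text":
            scan = BodyScan()
            scan.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            scan.close()           # flush text the parser is still buffering
            text_len += len(" ".join("".join(scan.text).split()))
            if part.get_content_subtype() == "html":
                hosted += [u for u in scan.remote_imgs if on_watchlist(u)]
    # Mail with real copy, or with no image at all, is not image-only spam.
    if text_len > max_text_chars or not (attached or hosted):
        return "other"
    return "attached-image" if attached else "hosted-image"

# Constructed sample: HTML-only message whose body is a single hosted image.
SAMPLE_HOSTED = (
    "From: a@example.com\nMIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<html><body><img src="http://img000.imageshack.us/x/constructed.gif"></body></html>\n'
)

if __name__ == "__main__":
    print(classify(SAMPLE_HOSTED))
```

A filter that inspects only image attachments never sees the hosted variant, because the message itself contains no image part.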
One of the first spam images sent with the new method was an
advertisement for a penny stock, complete with a listing of
legitimate stock brokerage firms. The images are a threat to
corporate environments because they can lower productivity. Over
the course of the last year, the percentage of spam made up of
image-based spam went from single digits to over 30%, according to
Secure Computing.
Alperovitch and other researchers made the discovery while
monitoring a botnet command and control center connected to the
Grom malware. The researchers believe the spam network is tied to
Russian malware writers.
The new image spam is a victory for spam writers who have been
challenged by antispam vendors in recent
months, Alperovitch said. In order to get around the new image
filtering technology deployed by many antispam vendors in recent
months, the spammers have had to go to more extreme lengths to
obfuscate their images and introduce random pixels, changing
colors and animation, he said. The sophisticated algorithms
resulted in a decline in the amount of spam filtering through to
corporate email inboxes, he said.
"Now they've dramatically improved the speed of spam
deployment," he said. "They no longer have to generate an image on
the spot and there's no complex algorithms needed. All they have to
do is send a link within the email and it's all done very
quickly."
Trying to capitalize on spam marketing, spam writers are
increasing the size of their botnets globally, Alperovitch said.
Botnets have doubled over the last six months, increasing from
250,000 new zombie computers coming online and participating to
more than 500,000.
Mike Rothman, president and principal analyst of Atlanta-based
Security Incite, said reputation-based antispam systems are making
a dent in the amount of spam making its way into corporate
systems. Reputation-based systems use the sender's IP address to
determine the intent of an email message. When used with other
spam-detection tools, the amount of unwanted messages can be
significantly decreased, Rothman said.