Image spam: Not a pretty picture

Security experts warn agencies to expect more and more security problems entering their networks through something called image spam.

Image spam consists of a picture that is embedded in an HTML e-mail. Since many common anti-spam solutions rely on text scans to identify spam, image-based e-mails will slip right by. That leaves the door open for traditional spam problems, such as malware and embedded ActiveX controls.

The use of image spam is on the rise. In October, for example, image spam accounted for nearly 25 nearly of the 62 billion spam mails sent out, according anti-spam vendor IronPort. To make matters worse, image-based messages are larger in size, so they eat up more bandwidth, according to the company.

“The increase [in spam] has negatively impacted our operations and has caused work queue backups on heavily loaded systems,” said Kevin Stine, the Chief Information Security Officer for the Food and Drug Administration.

IronPort has developed software that company officials say can block nearly 98 percent of image-based spam. They do so by extracting text sections from the images and analyzing them with traditional filters. IronPort's solution also looks at how trustworthy a potential spammer's e-mail address is.

“We're not just looking at the content of the e-mail, we're actually looking at the reputation of who's sending that e-mail,” said David Mayer, product manager at IronPort.

That reputation includes analyzing the Internet protocol addresses and domain names of incoming e-mailers, checking to see how much mail that person has sent. A large number of e-mails would flag that IP or domain's “reputation,” filtering out further mail from that source.

Featured

  • CLOUD
    pentagon cloud

    Court orders temporary block on JEDI

    JEDI, the Defense Department’s multi-billion-dollar cloud procurement, is officially on hold, according to a federal court announcement Feb. 13.

  • Defense
    mock-up of the shore-based Aegis Combat Information Center

    Pentagon focuses on research, cyber in 2021 budget request

    The Defense Department wants to significantly increase funds for research, cyber, and cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.