Image spam: Not a pretty picture
- By Wade-Hahn Chan
- Nov 16, 2006
Security experts warn agencies to expect more and more security problems entering their networks through something called image spam.
Image spam consists of a picture that is embedded in an HTML e-mail. Since many common anti-spam solutions rely on text scans to identify spam, image-based e-mails will slip right by. That leaves the door open for traditional spam problems, such as malware and embedded ActiveX controls.
The use of image spam is on the rise. In October, for example, image spam accounted for nearly 25 nearly of the 62 billion spam mails sent out, according anti-spam vendor IronPort. To make matters worse, image-based messages are larger in size, so they eat up more bandwidth, according to the company.
“The increase [in spam] has negatively impacted our operations and has caused work queue backups on heavily loaded systems,” said Kevin Stine, the Chief Information Security Officer for the Food and Drug Administration.
IronPort has developed software that company officials say can block nearly 98 percent of image-based spam. They do so by extracting text sections from the images and analyzing them with traditional filters. IronPort's solution also looks at how trustworthy a potential spammer's e-mail address is.
“We're not just looking at the content of the e-mail, we're actually looking at the reputation of who's sending that e-mail,” said David Mayer, product manager at IronPort.
That reputation includes analyzing the Internet protocol addresses and domain names of incoming e-mailers, checking to see how much mail that person has sent. A large number of e-mails would flag that IP or domain's “reputation,” filtering out further mail from that source.