Spam volumes rocket as images bypass filters says security firm

Out-Law News | 30 Jun 2006 | 2:18 pm | 1 min. read

Spammers are using picture messages to bypass email filters, according to an information security firm. The images evade detection from filters mostly based on keywords, according to the company.

IronPort Systems has issued a report detailing the increased incidence of image-based spam over the last 12 months. "Image-based spam has exploded, growing from less than 1% of all spam in June 2005 to more than 12% of all spam in June 2006," said a company statement. "This represents more than five billion messages per day, 78% of which pass right through first and second generation spam filters."

Spam filtering relies on a mixture of content reading and sender analysis to determine what is and what is not spam. Messages embedded in a picture are not readable by traditional filters, because the information is not text.

The trend is part of an overall resurgence in spam volumes, according to IronPort. While spam volumes seemed to be tailing off at the end of last year, a recent spike has attracted security companies' attentions.

"Over the last six months spam volumes have resumed their hyper growth rates," said the IronPort statement. "From April to June 2006 spam volumes have surged 40% worldwide. The company now estimates that 55 billion spam messages are sent every day, compared with 30 billion one year ago.

"With image based spam techniques, spammers are using sophisticated methods of varying each image slightly with each spam attack," said Tom Gillis, senior vice president at IronPort. "[These changes are] imperceptible to end users and invisible to signature-based filters. It is similar to snowflakes in a blizzard – billions are sent but no two look exactly alike."

The trend was confirmed by security firm Cloudmark, which told IDG News that half of the spam caught by its 'honeypot' system now consists of images, a trend it said had emerged to a serious extent in the last six months.