'Image Spam' Slips into Inbox

Spammers have begun using come-ons such as stock-pushing images as e-mail stationery backgrounds to evade antispam technology and shovel their unwanted messages into your inbox.

One antispam vendor has spotted the technique in its early stages, but expects we'll see more of it. In a sample e-mail, the subject read 'GED' and the simple message was "I truly believe you guys would outsell the world if only guys could get their hands on your product." But that pointless text was essentially illegible against a tiled background that contained the real message: a typical pump-and-dump stock scam image, according to representatives of Secure Computing.

Unfiltered Spam

Image spammers have begun using stationery and HTML e-mails to deliver their goods.
Image spammers have begun using stationery and HTML e-mails to deliver their goods.
"Many spam filters look in the [e-mail] body, but don't look into the headers," says Paul Henry, Secure Computing's vice president of technology evangelism. The background image is specified in the message's HTML header, along with other layout and style information. For this sample, the picture was pulled from fcslur.com, which is registered to the ironically-named "Privacyprotect.org" in Wellington, New Zealand.

Henry says Microsoft Office displays the background image if it's configured to display HTML e-mail, and the sample e-mail delivered its payload in Lotus Notes e-mail as well. Setting either program to display only text would block the stationery-using junk e-mail, according to Henry--but would also block wanted images. Thunderbird did not display the background.

Henry says his company is seeing only a small amount of this type of image spam, but believes it's destined to increase. Adam O'Donnell, director of emerging technologies at Cloudmark, which also offers antispam products, agrees.

"People continually try to vary up how they're going to try to enclose their image in spam," O'Donnell says. It's a "technique used to evade [antispam] systems."

Evasion Mutations

The varying techniques used by spammers to try to evade antispam filters mimics the ongoing cat-and-mouse game between malware authors and antivirus companies--and for exactly the same reasons. Spammers and virus-writers alike will attempt to change their spam or virus just enough to evade some automated filters or signature scanners.

Also, this new scam approach comes at a time when the overall amount of image spam is decreasing, according to recent statistics released by antivirus vendor McAfee. The picture-pushing junk mail made up 60 percent of all spam in the first quarter of the year, but in May the amount fell to just 12 percent.

Image spam may decrease, or new evasion techniques such as this use of stationery background may see it increase once more. But one thing is for certain: spam isn't going away any time soon.

"These guys are in business, and they're going to do the amount of work necessary to stay in business," O'Donnell says.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon