Spam messages are getting colourful, not to lure users into spammers’ marketing spiels or to better trick them into downloading a virus or worm, but to avoid detection by spam-filtering tools.
Called image-based spam, these e-mails contain the same type of messages that traditional text-based spam carries, except that the text is embedded in graphical images, making it difficult for keyword-based and signature-based anti-spam software to detect and identify them as unwanted mail.
While many anti-spam tools have been successful at detecting spam messages in text or HTML format, some have been inefficient in catching image spam. That’s because traditional spam removal tools detect unwanted mail by scanning for text-based keywords associated with spam.
When spammers obfuscate the message and add graphical images to it, the chances of getting through the filters become higher, according to Larry Karnis, president of XPMsoftware, a Toronto-based messaging software development firm.
“Spammers realized that graphic images are extremely challenging for computers to dissect and evaluate…and found that this was exceptionally effective in getting through spam filters that were still oriented around looking for just pure text,” said Karnis.
Image spam has been gaining strength over the last two years, according to a report released in November by messaging vendor IronPort. Between October 2005 and October 2006, daily spam messages worldwide grew from 31 billion to 61 billion. Image spam made up 25 per cent of all spam e-mails in October 2006, a huge jump from only 4.8 per cent in October 2005, IronPort revealed.
Just over six months ago, e-mail users at the Ontario Pharmacists Association (OPA) in Toronto would spend at least half an hour a day just ridding their inbox of junk e-mails; many of them were image spam.
Upgrading the firm’s anti-spam package was one of the first projects that John Caivano initiated when he came on board as the OPA’s IT coordinator last year. By energizing its spam-filtering tools, OPA aimed to improve productivity and plug security loopholes, Caivano said.
“The previous (anti-spam) package was not being properly updated and we were being flooded with spam and the newest wave was the image spam,” he said.
Two months ago, OPA implemented XPMsoftware’s PerfectMail e-mail filtering tool, which Caivano claimed was instrumental in dramatically reducing the amount of junk mail his end-users would receive.
In the last 30 days, OPA received 268,000 e-mails, of which only 18,000 were tagged as acceptable mail. PerfectMail correctly identified 95 per cent of OPA’s spam and blocked it at the gateway, Caivano said. The rest would be tagged as either legitimate mail or possible spam and get to the user’s inbox.
Despite its initial success, Caivano said his team will continuously try to enhance the effectiveness of PerfectMail by increasing the amount of spam it is able to block outright.
PerfectMail comes with a scoring feature: the lower a message’s score, the more likely it is to be legitimate mail. “We’re working to improve its performance by pulling some of the thresholds even a little lower without running the risk of blocking legitimate (mail), so we’re now monitoring the first two months (of traffic),” Caivano said.
PerfectMail also comes with a reputation engine wherein the software establishes a sender as someone known to a user. A first-time sender’s e-mail, for instance, would be scanned for spam content. If none is detected, it’s allowed to get to the user’s inbox. Once a receiver responds to that e-mail, PerfectMail establishes that the sender and receiver are e-mail peers so future exchanges are facilitated, explained XPMsoftware’s Karnis.
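The score thresholds and the reply-based peer relationship described above can be sketched as follows. This is an added illustration, not PerfectMail's code: the class and method names, the threshold values and the rule that peers skip content scoring are all assumptions.

```python
from dataclasses import dataclass, field

# Assumed thresholds; the article gives no numbers. Lower score = more likely legitimate.
BLOCK_AT = 8.0  # at or above: blocked at the gateway
TAG_AT = 4.0    # at or above: delivered but tagged as possible spam


@dataclass
class ReputationGate:
    peers: set = field(default_factory=set)    # (local user, remote sender) pairs confirmed by a reply
    pending: set = field(default_factory=set)  # clean first-time mail awaiting a reply

    def inbound(self, sender: str, recipient: str, score: float) -> str:
        """Verdict for incoming mail; `score` comes from a content scanner (not shown)."""
        pair = (recipient.lower(), sender.lower())
        if pair in self.peers:
            return "deliver"  # assumption: "facilitated" means peers skip the content score
        if score >= BLOCK_AT:
            return "block"
        if score >= TAG_AT:
            return "tag-possible-spam"
        self.pending.add(pair)  # clean first contact reaches the inbox
        return "deliver"

    def outbound(self, local_user: str, remote: str) -> None:
        """A reply to delivered mail makes the two addresses peers."""
        pair = (local_user.lower(), remote.lower())
        if pair in self.pending:  # unsolicited outbound mail creates no trust
            self.pending.discard(pair)
            self.peers.add(pair)


if __name__ == "__main__":
    gate = ReputationGate()
    # Constructed sample traffic (addresses and scores are made up).
    print(gate.inbound("supplier@example.org", "pat@example.com", 1.2))
    gate.outbound("pat@example.com", "supplier@example.org")
    print(gate.inbound("supplier@example.org", "pat@example.com", 9.5))
    print(gate.inbound("supplier@example.org", "lee@example.com", 9.5))
```

Peer status here is keyed on the bare sender address, which can be forged, so a deployment would tie it to an authenticated sender identity such as a passing SPF or DKIM result.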