Mutating Image-Based Spam on Upswing, Experts Say

Spammers are increasingly sneaking their messages past e-mail filters by sending their pitches as images rather than text, spam experts say.

The images fool some filters because they have no easy way of knowing whether a graphical file contains an innocent photograph of a friend's birthday party or embedded text pitching Viagra or a company's stock.

The development marks yet another escalation in the battle between spammers and filter developers: As software gets smarter at detecting junk, spammers get smarter at fooling the filters.


Until last year, the use of image spam had been in decline as anti-spam filters figured out how to detect it — often by applying a mathematical formula to known spam images and generating a unique signature that software can use to flag junk, said Craig Sprosts, senior product manager for anti-spam vendor IronPort Systems Inc.

But earlier this year, tools began circulating among spammers to automatically vary images ever so slightly — a change in color here, a slightly larger border there. That changes the signature, helping the image escape detection.

"If you are trying to fingerprint that image, it appears different every time," said Dmitri Alperovitch, principal research scientist at anti-spam vendor CipherTrust Inc.
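The signature problem described above, as an added example that is not from the article or from either vendor's products: an exact hash of the pixels changes under a slight color shift and border change, while a perceptual "average hash" (a different technique, swapped in here as one assumed way a filter can tolerate such variation) stays close. The images, function names and threshold are constructed for illustration.

```python
import hashlib

def exact_signature(pixels):
    """SHA-256 over raw grayscale bytes: any changed pixel yields a new signature."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()

def average_hash(pixels, size=8):
    """64-bit perceptual hash: block-average to size x size, threshold at the mean."""
    bh, bw = len(pixels) // size, len(pixels[0]) // size
    cells = []
    for by in range(size):
        for bx in range(size):
            block = [pixels[y][x] for y in range(by * bh, (by + 1) * bh)
                     for x in range(bx * bw, (bx + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | int(c > mean)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def make_sample(n=32):
    """Constructed sample: dark bars on a light background, standing in for text lines."""
    return [[40 if (y // 4) % 2 == 1 and 4 <= x < 28 else 220 for x in range(n)]
            for y in range(n)]

def slightly_varied(pixels, shift=3, border=1):
    """Constructed test input: the small color and border changes the article describes."""
    h, w = len(pixels), len(pixels[0])
    out = [[min(255, v + shift) for v in row] for row in pixels]
    for y in range(h):
        for x in range(w):
            if min(x, y, w - 1 - x, h - 1 - y) < border:
                out[y][x] = 200
    return out

def unrelated_sample(n=32):
    """Constructed sample: a diagonal gradient with no resemblance to the first image."""
    return [[(x + y) * 4 for x in range(n)] for y in range(n)]

def matches_known(candidate, known_hash, threshold=5):
    """Flag a candidate whose perceptual hash is within `threshold` bits of a known one."""
    return hamming(average_hash(candidate), known_hash) <= threshold

if __name__ == "__main__":
    known, varied = make_sample(), slightly_varied(make_sample())
    print("exact signatures equal:", exact_signature(known) == exact_signature(varied))
    print("perceptual match:", matches_known(varied, average_hash(known)))
```

The threshold trades missed variants against false matches on legitimate images, so it has to be tuned on real mail rather than taken from this sketch.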

Since April, IronPort has seen a 40 percent increase in image spam sent to so-called "honeypot" accounts set up solely to attract junk messages for analysis.

IronPort and CipherTrust both say that image spam now accounts for 15 percent of all spam, up from 1 percent earlier in the year.

Image spam can also tax e-mail systems because each message is about 7.5 times larger than regular spam, Sprosts said.