Image spam returns with a vengeance

Spammers have turned back the clock and are recycling a years-old tactic by planting their messages in images, a security researcher warned Wednesday.

Image spam, which hit a peak in late 2006 and early 2007, has made a comeback, said Holly Stewart, the threat response manager of IBM Internet Security System's X-Force team. After barely registering during most of 2008, image-based spam accounted for about 25% of all spam by the end of last month.

"They're doing the same kind of image-based spam as in 2006 and 2007," said Stewart. "It's very surprising."

It's surprising because spammers that rely on technological trickery rarely return to an older tactic once anti-spam vendors have figured out how to detect the junk mail. "But what they're doing now is exactly what they were doing before," added Stewart.

When spammers first started using images rather than text, they were successful at slipping their pitches through filters, which were designed only to parse text and look for such things as links. Their success led to an explosion in image-based spam, with spammers and security firms playing a cat-and-mouse game for months.

The only real difference this time around, Stewart said, is the sales pitch. "Most image spam was stock 'pump-and-dump,' but now the focus is on drugs and pills, something to make you feel better in hard times," said Stewart, who credited the change to the recession and the poor performance -- and even harsher perception -- of Wall Street.

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine