Researchers monitoring a botnet have discovered a new type of image spam sneaking past corporate spam blocking systems and clogging many inboxes.
Rather than attaching an image within an email, spammers are using an image hosting site to link directly to the image, significantly optimizing their volumes, said Dmitri Alperovitch, chief research scientist at Secure Computing's TrustedSource Labs. The spam message that lands in the users' inboxes looks just like the image spam that people have been accustomed to seeing, but instead of the image being attached to the email, it is linked from the ImageShack website, Alperovitch said.
"Because they're linking from an image hosting site, they're conducting a much more professional looking campaign and it's flooding into people's inboxes," Alperovitch said.
One of the first spam images sent with the new method was an advertisement for a penny stock, complete with a listing of legitimate stock brokerage firms. The images are a threat to corporate environments because they can lower productivity. Over the course of the last year, the percentage of spam made up of image-based spam went from single digits to over 30%, according to Secure Computing.
Alperovitch and other researchers made the discovery while monitoring a botnet command and control center connected to the Grom malware. The researchers believe the spam network is tied to Russian malware writers.
The new image spam is a victory for spam writers who have been challenged by antispam vendors in recent months, Alperovitch said. To get around the new image filtering technology deployed by many antispam vendors, the spammers have had to go to more extreme lengths to obfuscate their images, introducing random pixels, changing colors and animation, he said. The sophisticated algorithms resulted in a decline in the amount of spam filtering through to corporate email inboxes, he said.
"Now they've dramatically improved the speed of spam deployment," he said. "They no longer have to generate an image on the spot and there's no complex algorithms needed. All they have to do is send a link within the email and it's all done very quickly."
Trying to capitalize on spam marketing, spam writers are increasing the size of their botnets globally, Alperovitch said. Botnets have doubled over the last six months, increasing from 250,000 new zombie computers coming online and participating to more than 500,000.
Mike Rothman, president and principal analyst of Atlanta-based Security Incite, said reputation-based antispam systems are making a dent in the amount of spam making its way into corporate systems. Reputation-based systems use the sender's IP address to determine the intent of an email message. When used with other spam-detection tools, the amount of unwanted messages can be significantly decreased, Rothman said.
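As an added illustration (not part of the original article and not Secure Computing's code), here is a Python content check of the kind that could sit beside a reputation system: it separates images attached to a message from images linked off a hosting site, as described above, and flags messages whose body is little more than such a link. The domain imagehost.example, the 40-character text threshold and the sample message are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: placeholder domain standing in for a locally maintained hosting-site list.
IMAGE_HOSTS = {"imagehost.example"}

class BodyScan(HTMLParser):
    """Collects <img src> values and visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.srcs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.srcs.append(src.strip())
    def handle_data(self, data):
        self.text.append(data)

def on_host(url, hosts):
    """True if the URL's hostname is a listed domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in hosts)

def scan_message(raw, hosts=IMAGE_HOSTS, max_text=40):
    """Separate attached images from remote-linked ones and flag image-only bodies."""
    msg = email.message_from_string(raw, policy=policy.default)
    scan, attached = BodyScan(), 0
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scan.feed(part.get_content())
        elif part.get_content_maintype() == "image":
            attached += 1  # classic image spam: the picture travels with the mail
    remote = [s for s in scan.srcs if s.lower().startswith(("http://", "https://"))]
    hosted = [s for s in remote if on_host(s, hosts)]
    visible = len(" ".join("".join(scan.text).split()))
    # Flag: picture fetched from a hosting site and almost no text for a filter to read.
    return {"attached": attached, "remote": remote, "hosted": hosted,
            "visible_chars": visible, "flag": bool(hosted) and visible <= max_text}

# Constructed sample: HTML-only message whose whole body is one hosted image.
SAMPLE = (
    "From: sender@example.com\nSubject: constructed sample\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<html><body><img src="http://img1.imagehost.example/ad.gif"></body></html>\n'
)

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A message flagged this way is a candidate for scoring together with sender reputation rather than for outright blocking, since legitimate mail also links remote images.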