Home  › Email › Email Marketing

New Image-Based Spam: No Two Alike

  |  June 28, 2006   |  Comments

Spammers now modify each image sent out to sneak through filters undetected, causing a higher percentage of messages to reach the inbox.

Image-based spam has increased twelve-fold in the past year, and a higher percentage is making it past spam filters. According to research released by security gateway provider IronPort, images are varied each time a message is sent out.

Spam images are changed each time a message is sent. The difference may be a change in the border, or the variance of one pixel, but the change is enough to get past traditional content and signature-scanning filters. These spam messages are compared to snowflakes because each one is different.

"Every image is in fact unique, but from a distance it will look identical," said Craig Sprosts, senior product manager at IronPort. "Think of it as a snowflake having different patterns. The image will have random dots inserted."

Over the past year (June 2005 to June 2006), image-based spam increased from 1 percent to 12 percent of spam volume. Image-based spam accounts for over five billion messages per day. About 78 percent of this pervasive spam passes through first- and second-generation spam filters. Sprosts estimates about 30 percent of spam delivered to an individual’s inbox can be this type image-based messaging.

Image-Based Spam Activity
Parameter June 2005 June 2006 Change
Image spam prevelance 1% 12% 11 percentage points
Duration of spam URL 48 hours 4 hours 12 times faster
Volume of spam 30 billion 55 billion 83% higher
Source: IronPort, June 2006

"This technique is primarily built to get through spam filters," said Sprosts. "The images are sent in the file and not pulled down, because these images are imbedded as a file in the message itself, there is more of a chance of seeing the offer, it could increase response rates."

The imbedded image also increases the size of each message. Sprosts said image-based spam can be about eight times larger than a regular spam message. A typical message is around 8k in size, compared to 70k for messages sent with this new tactic. "It will tax the infrastructure [of a business” even more," he said.

The program that creates these unique, image-based messages is distributed to and sent from botnet (define) or zombie (define) machines. The company estimates that over 80 percent of spam is sent from these hijacked machines. Spammers rotate through zombie networks every few hours and change IP addresses to evade blacklists.

A similar rotation takes place with the URLs used in spam. The average lifecycle of a domain used in a spam message was 48 hours in June of 2005. In that time the domain would be detected and added to blacklists. The average duration of a URL is now four hours or less. The quick changeover of Web addresses evades blacklists and also exploits domain registration. Domains are used and allowed to expire before registration is paid for. "In April there were over 35 million domains registered, 32 million of which were never paid for and expired after five days," said the report. The practice brings the cost of registering a domain to zero and removes any barriers associated with the cost of switching.

"It makes it more difficult to detect spammers because of the speed at which they are changing," said Sprosts.

The study was conducted using SenderBase data, which represents 25 percent of the world’s email traffic and data from more than 100,000 ISPs, universities and corporations worldwide.

ClickZ Live Chicago Join the Industry's Leading eCommerce & Direct Marketing Experts in Chicago
ClickZ Live Chicago (Nov 3-6) will deliver over 50 sessions across 4 days and 10 individual tracks, including Data-Driven Marketing, Social, Mobile, Display, Search and Email. Check out the full agenda and register by Friday, Oct 3 to take advantage of Early Bird Rates!

ABOUT THE AUTHOR

Enid Burns

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Email newsletters delivered right to your inbox. Subscribe today!

COMMENTS

UPCOMING EVENTS

Featured White Papers

IBM: Social Analytics - The Science Behind Social Media Marketing

IBM Social Analytics: The Science Behind Social Media Marketing
80% of internet users say they prefer to connect with brands via Facebook. 65% of social media users say they use it to learn more about brands, products and services. Learn about how to find more about customers' attitudes, preferences and buying habits from what they say on social media channels.

Marin Software: The Multiplier Effect of Integrating Search & Social Advertising

The Multiplier Effect of Integrating Search & Social Advertising
Latest research reveals 68% higher revenue per conversion for marketers who integrate their search & social advertising. In addition to the research results, this whitepaper also outlines 5 strategies and 15 tactics you can use to better integrate your search and social campaigns.

Resources

Jobs

    • Digital Marketing Analyst
      Digital Marketing Analyst (GovLoop) - Washington D.C.Are you passionate about audience acquisition? Love effective copy and amazingly effective...
    • Product Specialist
      Product Specialist (Agora Inc. ) - BaltimoreDescription: The Product Specialist is hyper-focused on the customer experience and ensures that our...
    • Partnerships Senior Coordinator
      Partnerships Senior Coordinator (Zappos.com, Inc.) - Las VegasZappos IP, Inc. is looking for a Partnerships Senior Coordinator! Why join us? Our...