BankInfoSecurity.com - Information Security News, Regulations, & Education


Spammers and Messaging Vendors in Constant Battle of One-Upmanship

June 15, 2007 - Ericka Chickowski

This article was originally created for BankInfoSecurity.com, and contains information that should interest our GovInfoSecurity.com readers.

Like comic book super villains, spam kingpins always seem to find new ways to thwart the technology heroes that fight against junk mail. Just as it seems that they've finally been vanquished, they manage to elude the traps laid by anti-spam technology vendors in order to flood the inboxes of innocent users.

Last year was a case in point. Throughout much of 2006 there were some in the IT industry who were ready to proclaim victory over the spam problem, only to find a new wave of spam cropping up late in the year that was even tougher and more filter-proof than before.

While the resurgence surprised some, many in the anti-spam community were hardly shocked by the uptick that started at the end of the year. "Spam kind of reemerged with a vengeance last year, but that's not new," says Willy Leichter, director of product marketing for Tumbleweed. "Or, it's not new to us. There've been these waves of spam countermeasures that will be effective for a few months, then the spammers adapt. They're very responsive to whether they're being blocked and whether something's getting through. And they're very much monitoring what the defensive techniques are. So, it's this ongoing spy-vs-spy game where these cycles have gone on."

Countering Image Spam Influx

Much of this recent flare-up of spam can be attributed to the latest weapon in the spammer's arsenal: image spam. Spammers got wise to the last generation of text filters and began pitching their wares by embedding words into images.


"It's shaken the industry up. A lot of the older filters that are signature-based just got blown by," Leichter says. Security messaging companies such as Tumbleweed fired a shot over the spammers' ramparts by indexing frequently used spam images and blocking messages embedded with these files. But the spammers have been responding with even more sophisticated methods to push image spam through.

"We're rapidly getting into the second or third round of image spam innovation," Leichter says. "You almost have to have a grudging respect for these guys. What they've very cleverly done is started to randomize them so that every one is different. Like snowflakes."

For example, some spammers have created programs that will make slight changes to a source image to create thousands of different images out of a single file. "They can change the colors, they can put some random lines and patterns and things in the background to make it more difficult for the automated character recognition to try to analyze it," says Paul Wood, senior analyst for MessageLabs. "Sometimes they have wavy lines or text so that you can read it as a person, but a computer will find it really hard to read."

These techniques have vendors scrambling around the clock to find ways to win this latest round of one-upmanship. Many have had to gain the right people and resources to better understand image technology, a niche that wasn't top-of-mind for most messaging vendors until very recently.

"What we had to do to defend against it is to get into image processing technology - kind of analogous to what we do with text," Leichter says. "But you've actually got to dissect the image and tell if you've seen a similar one before. That involves very sophisticated state-of-the-art mathematics to determine if this image is new or not. Anything short of that is just guessing around the fringes."
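The gap between indexing known spam images and recognizing a similar one can be shown with a small added example, which is not code from the article or from any vendor it quotes. It uses a plain average hash as a simple stand-in for the unnamed image mathematics, and the templates, pixel values and mutation ranges are all constructed for illustration.

```python
import hashlib
import random

# Constructed 8x8 templates, scaled to 64x64 grayscale ('#' dark, '.' light).
SPAM_AD = ["########", "#......#", "#.####.#", "#.#..#.#",
           "#.####.#", "#......#", "########", "........"]
UNRELATED = ["#.#.#.#." if r % 2 == 0 else ".#.#.#.#" for r in range(8)]

def render(template, scale=8):
    """Expand a template into rows of 0-255 grayscale pixels."""
    return [[40 if ch == "#" else 200 for ch in row for _ in range(scale)]
            for row in template for _ in range(scale)]

def randomize(img, seed):
    """Per-message mutation as described above: colour shift, noise, a stray line."""
    rng = random.Random(seed)
    shift = rng.randint(-20, 20)
    out = [[min(255, max(0, p + shift + rng.randint(-12, 12))) for p in row]
           for row in img]
    out[rng.randrange(len(out))] = [128] * len(out[0])
    return out

def exact_signature(img):
    """Byte-exact signature, the kind an index of known spam images keys on."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, grid=8):
    """64-bit perceptual hash: a bit is set if its cell is brighter than the mean."""
    h, w = len(img), len(img[0])
    cells = []
    for r in range(grid):
        for c in range(grid):
            ys = range(r * h // grid, (r + 1) * h // grid)
            xs = range(c * w // grid, (c + 1) * w // grid)
            cells.append(sum(img[y][x] for y in ys for x in xs) / (len(ys) * len(xs)))
    mean = sum(cells) / len(cells)
    bits = 0
    for value in cells:
        bits = (bits << 1) | (value > mean)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def compare(seed_count=5):
    """Return (distinct exact signatures, worst variant distance, unrelated distance)."""
    base = render(SPAM_AD)
    variants = [randomize(base, s) for s in range(seed_count)]
    sigs = {exact_signature(v) for v in variants} | {exact_signature(base)}
    worst = max(hamming(average_hash(base), average_hash(v)) for v in variants)
    other = hamming(average_hash(base), average_hash(render(UNRELATED)))
    return len(sigs), worst, other
```

Calling `compare()` shows every mutated copy getting its own exact signature while staying at perceptual distance 0 from the source, with the unrelated image 32 bits away. The constructed image is aligned to the hash grid, so this illustrates the principle only; it is not a measure of how a production filter behaves on real spam.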

Looking outside the envelope

However, simply playing the image analysis game may only do so much. Spammers are already reacting to the processing of spam images in a number of ways that will likely flummox filters yet again.

"What we're starting to see now is, it's still image spam, but it's slightly different in that the image isn't attached to the message itself, it's hosted on the Internet on free file sharing sites like FreeShare, ImageShack and a number of others," Wood says. And even beyond the immediate horizon, there will likely be new innovations to get around old filters because that is how spammers have been operating for years.

According to experts such as Leichter and Wood, this is why vendors must take a more rounded approach to the problem, rather than simply reacting to the content of the spam. "Spam is kind of viewed as one monolithic problem but it's actually many different problems that usually fall into one of two different buckets," Leichter says. "One is looking inside the envelope, reading the message and trying to figure out whether you want it or not. The other is just looking at the outside of the envelope and looking for other clues that would tell you that this is not something you even need to open. Like you do with junk mail."

