Last week, Commtouch announced its new defense against image-only spam, a problem that Commtouch has found to be on the increase over the past several months. Complicating the problem is the fact that spammers who send image-only spam can vary their content slightly in an effort to fool conventional anti-spam defenses. Commtouch's Recurrent Pattern Detection technology uses a variety of sophisticated algorithms that can detect image-based spam, including variations in the same message.

Related links

For webinars or research on messaging, or to join the Osterman Research market research survey panel, go here. Osterman Research helps organizations understand the markets for messaging and directory related offerings. To e-mail Michael, click here.

Community

New spin on chip design

VitalStream scoops up ad software

Mirror Image to up capacity

All security forums

Proofpoint's MLX offering also uses a series of algorithms to detect image-based spam, as does Vircom's http://www.vircom.com Modus 4.35 - Vircom claims that Modus can stop 98% of image-based spam. SPAMfighter, on the other hand, takes a less sophisticated approach. When a user provides feedback to the SPAMfighter system that a particular image-based message is spam, the image is assigned a unique identity. If multiple users identify the same message as spam, the identity is confirmed and the message is subsequently blocked for other users.

Image-based spam is clearly just another avenue for spammers to attempt to circumvent spam filters. I expect to see an increase in this type of spam during the coming months, since many anti-spam solutions are not designed to directly address it, making it possible for spammers to achieve higher delivery rates, particularly for home-based users.

Another growing problem is the use of VoIP as part of phishing attacks that are growing more sophisticated. In this form of attack, spam messages, supposedly from a financial institution, include a phone number for recipients to call to address problems with their account and provide personal account information. The numbers, however, are VoIP numbers that phishers can rapidly generate and abandon, making them even more difficult to catch. Cloudmark was among the first to discover and respond to the problem.