I had a discussion with Vircom's CEO about the problems the e-mail security vendor is encountering with spam that contains only an image of an advertisement
or other message with little or no meaningful text. (A typical image-based spam consists of just a single image that contains
an advertisement, or a single image with nonsensical text designed to fool spam-filtering systems.) Here's what Vircom is
finding:
* About 7% of spam today is image-based spam, up from 3% in 2003.
* The majority of image-based spam comes from zombie networks. Vircom is finding that 85% of such spam is being generated
from these networks and that the traffic tends to be very spiky. As of the time of our discussion, Vircom was finding very
little image-based spam, but the peaks can increase the amount the company finds dramatically - by 100 times in some cases.
* Image-based spam generators scramble their content to make detection more difficult. Vircom is seeing fonts and colors
changed frequently in an attempt to avoid detection by signature-based filtering tools. In 2005, 51% of image-based spam was
scrambled vs. 77% today.
* To a greater extent than conventional spam, image-based spam tends to be campaign-oriented, implying that relatively few
people have control of the zombie networks that distribute most of this stuff. For example, a typical campaign for an image-based
spammer might advertise some sort of stock deal, followed by a major campaign for medication, etc.

Vircom's approach to blocking image-based spam is to detect image similarities instead of using pattern matching or spam signatures.
The company has found that it can block about 98.5% of image-based spam with a false positive ratio of under 0.1%.
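
The following is an added example, not Vircom's code; the article does not say how Vircom measures similarity. It uses a difference hash, a common perceptual-hashing technique chosen here as an assumption, to show why an exact signature misses a scrambled copy of an image while a similarity measure still matches it. The images, the scrambling model (a colour shift plus speckle) and the 10-bit threshold are constructed for the example.

```python
import hashlib
import random

def make_image(seed, w=72, h=64):
    """Constructed sample: a grayscale 'advert' built from random 8x8-pixel blocks."""
    rng = random.Random(seed)
    blocks = [[rng.randrange(32, 224) for _ in range(w // 8)] for _ in range(h // 8)]
    return [[blocks[y // 8][x // 8] for x in range(w)] for y in range(h)]

def scramble(img, seed, shift=10, noise=6):
    """Assumed model of scrambling: a global colour shift plus per-pixel speckle."""
    rng = random.Random(seed)
    return [[min(255, max(0, p + shift + rng.randint(-noise, noise))) for p in row]
            for row in img]

def exact_signature(img):
    """Signature-style fingerprint: SHA-256 over the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def dhash(img, cols=9, rows=8):
    """Difference hash: average down to a 9x8 grid, one bit per left/right comparison."""
    h, w = len(img), len(img[0])
    bits = 0
    for r in range(rows):
        ys = range(r * h // rows, (r + 1) * h // rows)
        line = []
        for c in range(cols):
            xs = range(c * w // cols, (c + 1) * w // cols)
            line.append(sum(img[y][x] for y in ys for x in xs) / (len(ys) * len(xs)))
        for left, right in zip(line, line[1:]):
            bits = (bits << 1) | (left > right)
    return bits

def hamming(a, b):
    """Number of differing bits between two 64-bit hashes."""
    return bin(a ^ b).count("1")

def is_similar(a, b, threshold=10):
    """Treat two images as the same campaign if their hashes differ in few bits."""
    return hamming(dhash(a), dhash(b)) <= threshold

if __name__ == "__main__":
    known = make_image(seed=1)            # image already seen in a campaign
    variant = scramble(known, seed=2)     # same advert, scrambled
    other = make_image(seed=3)            # unrelated image
    print(exact_signature(known) == exact_signature(variant))  # exact match fails
    print(hamming(dhash(known), dhash(variant)), hamming(dhash(known), dhash(other)))
```

The threshold sets the trade-off between catching scrambled variants and flagging unrelated images, which is the block-rate versus false-positive balance the figures above describe.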