ghacks Technology News

Advanced Spam Mails


Spammers keep adopting more advanced methods to evade spam filters, which are steadily improving. I would like to present some examples from my personal mail folder and analyze the latest image spam trends. Many spam filters concentrate their efforts on blacklists and the text that the mail contains. Spam that is not caught immediately will be caught in the future if the user marks that mail as spam. Language and keyword filters and whitelists do their part, reducing spam and false positives.

[Image: spam image example]

Image spam, on the other hand, is on the rise because of several new spam techniques that make it pretty hard for the filters to automatically recognize spam.

The left image is an example of a typical image that is sent in spam mails. The following techniques were used in this mail to bypass the spam filter. The first obvious element is the random pixels that overlay part of the image. This is done to make each image unique, so that it can bypass spam filters even though an image with the same information arrived in your mailbox before.

Another option to create a unique image would be to use colors that look the same to the human eye but differ for the computer. Randomizing the process creates unique images as well.

Some spammers use different layers for a set amount of pixels, which makes it incredibly hard to use hash values to determine spam images.
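The point about hash values can be seen from the filter's side. The following is an added example, not part of the original article: it builds a constructed grayscale image, applies random pixels and small color shifts to two copies, and compares an exact digest (SHA-256) with a simple average-based perceptual hash. The image, the function names and the noise parameters are assumptions made for illustration.

```python
import hashlib
import random

W, H = 64, 32   # size of the constructed sample image (grayscale, 0-255)
GRID = 8        # perceptual hash has GRID x GRID = 64 bits

def make_base_image():
    """Constructed stand-in for a spam image: dark 'text' bars on a light background."""
    return [[40 if (y // 4) % 2 == 0 and 8 <= x < 56 else 220 for x in range(W)]
            for y in range(H)]

def perturb(img, seed, noise_fraction=0.03, color_jitter=3):
    """Per-message changes as described in the article: tiny color shifts plus random pixels."""
    rng = random.Random(seed)
    out = [[min(255, max(0, p + rng.randint(-color_jitter, color_jitter))) for p in row]
           for row in img]
    for _ in range(int(W * H * noise_fraction)):
        out[rng.randrange(H)][rng.randrange(W)] = rng.randrange(256)
    return out

def exact_hash(img):
    """Digest over the raw pixel bytes; any single changed pixel changes the result."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img):
    """Average each block of a GRID x GRID grid, then set one bit per block above the mean."""
    bh, bw = H // GRID, W // GRID
    cells = [sum(img[y][x] for y in range(gy * bh, (gy + 1) * bh)
                 for x in range(gx * bw, (gx + 1) * bw)) / (bh * bw)
             for gy in range(GRID) for gx in range(GRID)]
    mean = sum(cells) / len(cells)
    return sum(1 << i for i, c in enumerate(cells) if c > mean)

def hamming(a, b):
    """Number of differing bits between two perceptual hashes."""
    return bin(a ^ b).count("1")

def compare(seed_a=1, seed_b=2):
    """Return (exact digests equal?, perceptual distance) for two perturbed copies."""
    base = make_base_image()
    a, b = perturb(base, seed_a), perturb(base, seed_b)
    return exact_hash(a) == exact_hash(b), hamming(average_hash(a), average_hash(b))

if __name__ == "__main__":
    same_digest, distance = compare()
    print("exact digests match:", same_digest)
    print("perceptual hash distance (of 64 bits):", distance)
```

A filter built this way treats a small Hamming distance to a known spam image as a match. The distance threshold is a tuning choice, and this sketch only covers light pixel noise and color jitter.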

The last aspect of such a spam mail is seemingly random text that is copied before or – more often – after the image. The text itself has nothing to do with the intention of the spammer. It is solely used to simulate a normal mail with a set amount of neutral and positive words.

[Image: spam image example]

The image on the left shows another image that is often used to bypass spam filters. It uses random colors to make the image unique, much like the previous image used random pixels.




Categories: Email, Security




3 Responses to “Advanced Spam Mails”

  1. I guess the only way now is to bring the ‘manual’ way back into the picture. That is, physically deleting and getting rid of those spam. Nothing beats a human at doing it!

  2. Peter Louies says:

    At MX Lab (www.mxlab.be) we use of course several techniques like OCR to identify and block image-based spam. Not all image-based spam is detected and the spammers tend to change the images quite fast to make some techniques less effective.

    It is true that nothing beats the human way of doing it but this is very time consuming. It is possible if you only want to protect your own inbox but again, spam is getting on your system and you spend time in deleting it.

    We use a very simple technique now and have implemented it just before delivery of emails towards the mailboxes. I can’t go too deep into details, spammers might read this also, but it keeps the emails with images for reviewing and also works with whitelisting.

  3. The best way to beat spam is to stop playing the game.

    I use spam assassin on my front end which catches 98-99% of my company's spam. The remaining 1-2% of mail gets treated to SpamLion (http://www.spamlion.com). SpamLion uses smart sender validation. A first time sender will receive a challenge mail to validate that they are a real person and not a spammer. Once they respond their email will go through to the user's inbox. After that, they never have to validate again. Obviously a user can decide to block them. Users can also go through their personal quarantine and release items.

    Some people do not like sender validation because they think it floods the internet with validation mails. If you set it up right and put spam assassin in front of it there is no problem. I have it set up so that an email address will only receive a challenge mail once every 30 days so if a spammer is using it to send out millions of emails the mail address will never get bombarded. Also whenever a user sends out an email it gets automatically white-listed so a challenge mail is never sent.

    After about 30 days most users stop checking the SpamLion quarantine as by this time their normal contacts have all been white-listed.

    As a mail admin, I must say it is nice not to have to update my rules with the latest spelling of Viagra every week to keep spam out.

© 2005-2009 Ghacks.net. All Rights Reserved.