The return of image-based spam

After a two-year absence, IBM X-Force is reporting [iss.net] a significant spike in image-based spam.

“Since March 20th, we have been witnessing a rebirth of image-based spam. At first, we saw a small trial of image-based spam, reaching 5-10%. Then, in late April, we saw another blast (this time a much bigger effort) reaching 15-22% of all spam,” according to researchers Ralf Iffert and Holly Stewart.


One interesting side note: In the last spike in 2007, the overwhelming majority of image-spam content was pushing penny stocks [zdnet.com] as part of pump-and-dump schemes. Today, the cybercriminals behind image-spam runs are selling drugs. 

Some characteristics:

  • Most of them are of pharmaceutical nature, advertising drugs, pills, etc.
  • Only a few of them use random pixels, and many of them even have identical binaries.
  • Many of these spam messages contain random text below the image.
  • Most of them do not contain any web links that the user can click.
  • Most of them ask the user to visit a .com Web site with a domain name consisting of six digits like 123456.com, and the user has to manually type that URL into the browser.
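The characteristics above can be turned into simple filter signals. The following is an added example, not code from X-Force or the original post; the trait names, the `ocr_text` parameter (output of an assumed upstream OCR step, in case the domain only appears inside the image) and the sample message builder are assumptions constructed here.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Anything a mail client would render as a clickable link.
LINK_RE = re.compile(r"https?://|www\.|href\s*=", re.I)
# A bare six-digit .com name such as 123456.com (not part of a longer label).
SIX_DIGIT_COM_RE = re.compile(r"(?<![\w.-])\d{6}\.com\b", re.I)

def image_spam_traits(raw, seen_hashes, ocr_text=""):
    """Return the set of listed traits that a raw RFC 5322 message matches.

    seen_hashes is a mutable set of SHA-256 digests of images seen so far;
    it is updated so repeated identical binaries are recognised.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    traits, text = set(), ocr_text
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "image":
            traits.add("image")
            digest = hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            if digest in seen_hashes:
                traits.add("identical_binary")
            seen_hashes.add(digest)
        elif part.get_content_maintype() == "text":
            text += "\n" + part.get_content()
    # Image present but nothing clickable anywhere in the text.
    if "image" in traits and not LINK_RE.search(text):
        traits.add("no_links")
    if SIX_DIGIT_COM_RE.search(text):
        traits.add("six_digit_com")
    return traits

def build_sample(body, image_bytes):
    """Build a constructed sample message (not a real spam capture)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "hi"
    m.set_content(body)
    m.add_attachment(image_bytes, maintype="image", subtype="gif", filename="x.gif")
    return m.as_bytes()
```

No single trait is conclusive on its own; a filter would weight them together with its other signals.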
