The return of image-based spam

After a two year absence, IBM X-Force is reporting [iss.net] a significant spike in image-based spam.   
“Since March 20th, we have been witnessing a rebirth of image-based spam.  At first, we saw a small trial of image-based spam, reaching 5-10%.  Then, in late April, we saw another blast (this time a much bigger effort) reaching 15-22% of all spam, according to researchers Ralf Iffert and Holly Stewart.

After a two year absence, IBM X-Force is reporting [iss.net] a significant spike in image-based spam.   

“Since March 20th, we have been witnessing a rebirth of image-based spam.  At first, we saw a small trial of image-based spam, reaching 5-10%.  Then, in late April, we saw another blast (this time a much bigger effort) reaching 15-22% of all spam, according to researchers Ralf Iffert and Holly Stewart.

 

One interesting side note: In the last spike in 2007, the overwhelming majority of image-spam content was pushing penny stocks [zdnet.com] as part of pump-and-dump schemes. Today, the cybercriminals behind image-spam runs are selling drugs. 

Some characteristics:

  • Most of them are of pharmaceutical nature, advertising drugs, pills, etc.
  • Only a few of them use random pixels, and many of them even have identical binaries.
  • Many of these spam messages contain random text below the image.
  • Most of them do not contain any web links that the user can click.
  • Most of them ask the user to visit a .com Web site with a domain name consisting of six digits like 123456.com, and the user has to manually type that URL into the browser.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.