Malware

Image spam gets fuzzy


Fuzzy text, or Captcha, that is used to make text unrecognizable to computers (to prevent automated registrations) is now being used by spammers to prevent spam filters from recognizing images hidden in PDF files. An article from Register reports on a spam message that arrives as a distorted text image in PDF format.

Here's a quote from the article:

Neil Cook, European technology chief at anti-spam specialist Cloudmark, called it "a kind of Turing test for spam filters."

Indeed, the technique could force spam filters to include image recognition as an integral part of the system. PDF-based filtering itself poses a serious challenge to spam filters. Also, image-based spam has been gaining ground in recent times. Spam consumes a major chunk of network resources world-wide and now spam filter creators have to realize that any technique that targets computers can be potentially used against their filtering systems as well!

While techniques are figured out to conquer these new kind of attacks, users and enterprises must ensure that the latest updates are applied across spam filters at their organization.

4 comments
cgers
cgers

Our Barracuda filter is catching 99% of them. The first few days we started getting them it was only cathing about 70%... but within 72 hours Barracuda had updates available that is keeping my users from having to see them in their inbox.

PatrynXX
PatrynXX

Been seeing more and more pdf's arriving. I was simply assuming my local ISP's virus scanner wasn't working.

Larry the Security Guy
Larry the Security Guy

Spammers have been using every trick they can devise to foil filters, like adding gibberish or non-printed characters, or putting their spam into a graphic. The sad thing is, all that effort makes their messages simply scream spam. They include spam indicators in those PDF messages, too (not that I'll describe them in public), that make them easy to spot and delete. To me, it's rather insignificant that they're added captchas to the PDFs.

JDThompson
JDThompson

Larry the Security Guy wrote: "The sad thing is, all that effort makes their messages simply scream spam. They include spam indicators in those PDF messages, too (not that I'll describe them in public), that make them easy to spot and delete." Sure, but as they say, there's a sucker born every minute and the overhead for these spams is so low it doesn't take many sucker hits to come out ahead. BTW, the SpamAssassin mailing has a good discussion on image spams, pdf spams,how to recognize them and flag them appropriately.

Editor's Picks