Levels of image spam have reached a 19-month high, and the spam is getting harder to detect.
Symantec's April 2009 MessageLabs Intelligence Report revealed that spam increased almost ten per cent in one month when it reached 85.3 per cent of all web-based malware.
Paul Wood, MessageLabs intelligence senior analyst at Symantec, claimed that spam had increased due to botnet activities while phishing levels had gone down, and spammers were trying to make the detection of image spam harder.
Wood said: “Image spam was a phenomenon that peaked in 2007, and now we see spammers recycling their techniques in the hope of repeating history. Unfortunately for the spammers, the good guys are ready for the next bout of image spam and the cybercriminals have had to significantly revamp their tactics in order to put up a good fight.”
He claimed that the spam images are now being hosted on trustworthy hosting sites, whilst taking advantage of redirection links from reputable sites in order to obfuscate the true location of the image hosting.
MessageLabs claimed that this is a technique employed by spammers to evade spam filters that examine the domains of the hyperlinks contained in the email, in order to make a judgment about the nature of that domain and the likelihood that it is a spam message.
The report also claimed that other techniques used to evade detection include adding some standard email text, such as unsubscribe opt-outs and privacy links; including randomised words within the content of the message; and using HTML style tags to hide random text.
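As an added illustration (not code from the MessageLabs report), a filter can measure how much of an HTML message body is text the reader never sees. The set of hiding styles, the function names and the sample message are assumptions constructed for this example, and it only inspects inline `style` attributes on well-formed markup.

```python
import re
from html.parser import HTMLParser

# Inline-style rules that hide text from the reader (assumed set, not from the report).
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|%)?\s*(?:;|$)",
    re.I,
)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}  # never get an end tag

class HiddenTextScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # one flag per open element: is it, or an ancestor, hidden?
        self.visible = []  # words the reader sees
        self.hidden = []   # words present in the markup but not rendered

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack and self.stack[-1])
        self.stack.append(inherited or bool(HIDING_STYLE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        bucket = self.hidden if self.stack and self.stack[-1] else self.visible
        bucket.extend(data.split())

def hidden_text_report(html):
    """Return the hidden words and their share of all words in the body."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    total = len(scanner.hidden) + len(scanner.visible)
    ratio = len(scanner.hidden) / total if total else 0.0
    return {"hidden_words": scanner.hidden, "hidden_ratio": ratio}

# Constructed sample: image-based offer, hidden random words, standard footer text.
SAMPLE = (
    '<html><body><p>Cheap watches, click below</p>'
    '<img src="http://images.example/offer.gif">'
    '<span style="font-size:0px">quartz meadow tuesday lantern</span>'
    '<div style="display: none"><b>harbor violin</b> pencil</div>'
    '<p style="font-size:10px">Unsubscribe | Privacy</p></body></html>'
)
```

A high `hidden_ratio` is a scoring signal to combine with others rather than a verdict, since legitimate mail also uses hidden preheader text.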
Also, the G20 summit and the resulting protests were the subject of a rise in targeted malware attacks over the last two months, peaking in early April.
The report claimed that on average in 2008, the number of such attacks was approximately 53 per day, rising to around 60 per day in Q1 2009. In the run-up to the G20 summit held in London on 2nd April, and the days following, the number rose to approximately 100 per day.
It claimed that the recipients of these attacks included financial organisations, including individuals from some of the central banks involved with the G20 summit. The email included a PDF attachment which, if opened, would cause a Trojan downloader to be installed and executed. This would then download further spyware components onto the target computer. It was noted that some attacks were crafted as replies to actual non-malicious emails, indicating that at least one of the recipients had already been infected.
Wood said: “With recession-related spam and phishing attacks already appearing this year, it was just a matter of time before other fraudsters got in on the act. Consumers need to increase their online vigilance in such testing times.”