Image spam is back
Wednesday, 18 October 2006
Image spam seems to be back, bigger and more annoying than ever. What’s even more annoying is that, by its nature, this type of rubbish is difficult for spam filters to catch. For instance, with an email client configured to show HTML images, a typical sample looks something like this:

Looks like text but it’s actually just an image. That’s why this type of rubbish is difficult to detect. We’re not aware of any spam filtering tools which have optical character recognition, and without that sort of capability, it’s impossible to look for any dodgy phrases like “hot stock alert”, “investors watch out” or “get harder”.
Having spent some time monitoring the commonalities between image spam emails, we concluded that all we had to do was add the following regular expression pattern to our spam filtering software:
REJECT = <img\s.*src\s?=
Essentially, all we’re doing is looking for an instance of an HTML “img” tag with a “src” attribute. As a bonus, the above pattern also allows us to reject phishing scams, mass-mailing worms and those idiotic single pixel web bugs.
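The following added example (not code from this post or from any filtering product) runs the pattern above over constructed messages to show what it rejects and what affects its coverage. The helper names, the sample messages and the two compile modes are assumptions, since the post does not name the filter or its regex options.

```python
import base64
import re
from email import message_from_string

# The post's pattern, verbatim. The post does not say how the filter compiles
# it, so two assumed modes are shown: as written, and case-insensitive with
# "." allowed to span line breaks.
PATTERN = r"<img\s.*src\s?="
AS_WRITTEN = re.compile(PATTERN)
FOLDED = re.compile(PATTERN, re.IGNORECASE | re.DOTALL)

def html_bodies(raw):
    """Return every text/html part of a raw message, transfer-decoded."""
    bodies = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            data = part.get_payload(decode=True)  # undoes base64 / quoted-printable
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return bodies

def verdict(raw, rx=AS_WRITTEN):
    """REJECT if any decoded HTML part matches the pattern, else ACCEPT."""
    return "REJECT" if any(rx.search(b) for b in html_bodies(raw)) else "ACCEPT"

def make(html, cte="7bit"):
    """Build a constructed single-part HTML message for testing."""
    if cte == "base64":
        html = base64.b64encode(html.encode()).decode()
    return ("From: sender@example.com\nSubject: test\nMIME-Version: 1.0\n"
            "Content-Type: text/html; charset=utf-8\n"
            f"Content-Transfer-Encoding: {cte}\n\n{html}\n")

# Constructed samples (not real mail).
SAMPLES = {
    "image_spam": make('<html><body><img src="cid:stock.gif"></body></html>'),
    "web_bug": make('<img width=1 height=1 src="http://tracker.example/p.gif">'),
    "text_only_html": make("<p>Meeting moved to 3pm.</p>"),
    "newsletter_logo": make('<h1>News</h1><img alt="logo" src="http://news.example/logo.png">'),
    "upper_multiline": make('<IMG ALT="chart"\n  SRC="cid:stock.gif">'),
    "base64_body": make('<img src="cid:stock.gif">', cte="base64"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:16} as_written={verdict(raw)} folded={verdict(raw, FOLDED)}")
```

The rule rejects any HTML mail that embeds an image, wanted or not, and it only sees the tag when it is applied to the transfer-decoded body with case folding.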