Image Spam

Posted on behalf of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Service
The use of images in spam is well known, and has been going on for as long as it has been possible to send images in email messages. There are many reasons for using images in email, from simply making the email more interesting, or adding a look of professionalism, to attempting to evade text based spam filters and signatures. The use of remote images in particular has been steadily increasing over the last 16 months.
In remote images, the image is not actually contained within the email itself. Instead the email uses HTML to link to a remotely hosted image, which most modern email clients will render just like a web browser. There are good reasons a spammer would want to use remotely hosted images. First, they can change the content of a spam run at any time without having to update templates or make any changes to their bots. Second, with a remotely hosted image, the spam mail itself only has to contain a few lines of HTML, but the image can contain whatever the spammer wants. This makes the spam emails much smaller, which in turn allows their bots to send out much more spam per minute than they could if the image were attached. Also, a remote image (continue reading...)