What is it: "One of the big trends
in 2006, that the industry has been struggling with, is spam being
embedded in an image," says David Cole, director of Symantec
Security Response. Dubbed "image spam," it's been replacing
traditional spam, which anti-spam software blocks easily. He expects
to see this trend continue well into 2007.
While spam filters can detect spammy text, images confuse the filter.
"It's very difficult, almost impossible for anti-spam software
to extract text from an image," says Paul Wood of MessageLabs.
Plus, spammers aren't using the same image every time it goes through
the software -- it changes by a few pixels each time, he says.
Typically, image spam advertises medical products such as performance-enhancing
pills -- "stuff you don't want to walk into a CVS and get"
-- and financial spam, including the pump-and-dump scam, says Cole.
In this stock-pumping scam, consumers receive an e-mail claiming
that a particular penny stock is about to skyrocket and encourages
recipients to buy shares of that stock immediately. When they do,
the stock's price jumps and then the spammer, who owns shares of
that stock, sells his shares at the inflated price for a huge profit.
Once the hype stops, the price drops and investors lose their money.
|A common type of image spam
is the pump-and-dump stock scam. In this typical
example, spammers promote a thinly traded stock
and promise that its price is about to skyrocket.
Notice the sense of urgency in this message. Spammers
need victims to purchase the stock all at once so
they can then sell their shares for a quick buck.
courtesy of MessageLabs.|
In general, any spam that contains malicious content will have
a Trojan embedded as a downloadable file or will be at the Web site
you're directed to, says Ronald O'Brien, senior security analyst
with Sophos Plc. So watch for links and attachments.
What you can do: If you really want
to reduce the amount of image spam you receive, look for anti-spam
software that has more than one filtering engine, says David Marcus,
security research and communications manager for McAfee Avert Labs.
is one example.
Other than that, just report and delete all spam, image
or otherwise. You can forward investment-related spam to the Securities and Exchange
Commission at firstname.lastname@example.org
||6 types of Internet scams on the prowl: