John Graham-Cumming charts the rise of image-based spam.
Copyright © 2006 Virus Bulletin
Anyone looking in their quarantined spam folder will soon notice that a lot of spam these days is being sent using images instead of text.
In a paper presented at the Virus Bulletin conference last month , Dmitry Samosseiko and Ross Thomas of Sophos reported that, on some days, 40% of the spam seen in SophosLabs' spam traps is image-based spam and that the amount of image-based spam has doubled since the start of 2006.
At a birds-of-a-feather meeting on image spam held during the same conference, a representative of one major anti-spam service provider reported that, some days, the amount of image-based spam peaks at 95% of all spam sent, but that 20–40% is typical.
However, image-based spam is not new. The very first trick entered in the Spammers' Compendium  in January 2003 is 'The Big Picture', which entails sending a spam that consists merely of an embedded picture.
Samosseiko and Thomas  report having seen image-based spams in Russian in September 2004. The users of SpamAssassin have been discussing the use of optical character recognition (OCR) techniques since 2002 – indicating that image-based spam has been with us for a number of years. According to IronPort statistics  1% of spam was image-based in June 2005. By June 2006 that figure had risen to 16%.
Within the last six months image-based spam has become a major problem for anti-spam vendors, all of whom have adapted their tactics and issued press releases touting their solutions. The spammers, meanwhile, have not remained idle and have modified the types of image-based spam they are sending in an attempt to avoid filtering.
Clearly, spammers believe that the right battleground between spam filters and spam is in image processing – and accordingly they have switched from the use of ever more complex text obfuscation (which spam filters easily see through – see for example ) to image obfuscation.
At that time images were typically loaded from remote websites using a simple HTML <img src=> tag. But the use of remote images died out as email clients (such as Mozilla Thunderbird and Outlook Express 6 in Windows XP Service Pack 2) started blocking remote images by default, and spammers started sending their images as MIME-encoded attachments (as they still do). The image in Figure 1 was sent as an attached GIF file.
Despite having existed for a while, there was little innovation in image-based spam until 2006. In January 2006 the trick named 'The Small Picture' was added to . Within the next couple of months OCR plug-ins were announced for SpamAssassin.
'The Small Picture' involves embedding GIF images in the email message. Each image consists of a single letter and is positioned strategically within the text of an HTML-based email to form readable text. Figure 2 shows an example of spam using the 'Small Picture' trick.
In Figure 2 the letter 'm' in Ambien, 'o' in Propecia, the first 'a' in Xanax, 'e' in Levitra, the first 'A' in VIAGRA and 'a' in Soma are embedded images.
Towards the middle of January 2006 the trick 'Chop GUI' was added to . Here, the spammer attempted to avoid detection (and possibly OCR) by chopping a single image into multiple, randomly chosen rectangles, and then reconstructing the original image using HTML. Figure 3 shows an example of 'Chop GUI' with the boundaries between the individual images highlighted; in the real spam there were no boundaries.
Figure 3 is a rather simple example, where the spammer has simply cut a single image horizontally through the text. A much more complex example is shown in Figure 4, once again with the boundaries highlighted. Here the spammer chose random cuts in the image and used HTML to reconstruct it.
At around the same time spammers started to try to resist optical character recognition of their images by overlaying their text with random lines (as shown in Figure 5) or by introducing random stippling of the background, as shown in Figure 6 (which can also be used to change the hash value of the image at will).
More recently, spammers have tried using fonts that are almost humanly unreadable as a tactic to avoid optical character recognition. However, this tactic appears to have died out – given that the fonts are hard to read for even the human recipient (see Figure 7) one assumes that the decline of this tactic has been due to the ineffectiveness of the spams.
Notice that the spam shown in Figure 7 also includes a block of random pixels in the bottom left-hand corner. The purpose of this is to change the hash value of the image each time it is generated.
As spam filters have become adept at filtering these images (albeit with random elements added to attempt to avoid hashing or detection), spammers have adapted to use animated GIFs. In August 2006 the first animation-based trick was added to : 'Animated Noise'.
In 'Animated Noise' the spammer sends an animated GIF with a number of decoy frames that consist solely of random noise, and a single frame that contains the actual spam message. The real frame appears for a long period of time (for example, it may stay visible for ten minutes), whereas the decoy frames appear before and after the real frame and last mere milliseconds. The spammer is attempting to fool the spam filter into missing the real frame, although examination of the animation times makes the real frame easy to detect.
Figure 8 shows three decoy frames used in a real 'Animated Noise' spam.
A progression of the 'Animated Noise' trick was to use the rapidly shown decoy frames to display a 'subliminal' message. As well as flashing frames with random noise added, the decoy frames contained the word 'BUY' in random positions. Figure 9 shows two frames from a 'subliminal' spam.
The frame containing the word 'BUY'’ (there were three such decoy frames) was flashed for 10ms on screen, the frame containing the real spam message remained visible for 17s.
Since finding the real frame is relatively easy (a spam filter need only look for the frame that is displayed for the longest time, or perhaps for the first frame that is displayed for many seconds), spammers have adapted to use both animation and GIF transparency.
The first attempt at using animation and transparency follows the 'Chop GUI' style of splitting an image into parts (in this case strips). Each strip of the image is a single frame in the spam image on a transparent background. By animating the various strips one after another each frame shows through the transparency to the next frame, building up a complete picture. This is called the 'Strip Mining' trick in .
And most recently spammers have taken the animation plus transparency to a new extreme in their battle against OCR by starting from a single spam image and randomly choosing pixels from it to appear on one of two animated frames. In this way neither frame contains text that is readable (by a human or a machine), but the final merged image is readable.
Despite the cleverness of this scheme the developers of the SpamAssassin OCR plug-in report that the latest version of the plug-in merges and OCRs these image spams successfully.
Despite the cleverness of the trickery being used by spammers, current techniques for filtering image-based spam are working. Anti-spam vendors report using a mixture of image hashing, regular expressions and examination of image meta data (such as the palette, presence of animation and compression ratio) to catch image-based spam. A great danger for spammers is that (as in the case of text-based spam) they become enamoured with the obfuscation possibilities present in image-based spams only to see their spams easily filtered just by detecting the obfuscations themselves.
Spam filter authors will need to be on the lookout for new image-based spam techniques as spammers are innovating actively to attempt to avoid detection. Recently spammers have started to switch from GIF formatted images to PNG, some spammers are corrupting their images deliberately to make decompression difficult, and others are reporting that an image is a JPEG when it is, in fact, a GIF.
Image-based spam remains fertile ground for spammers and spam filter authors.
 Samosseiko, D.; Thomas, R. The game goes on: an analysis of modern spam techniques. Proceedings of the 16th Virus Bulletin International Conference 2006.
 Graham-Cumming, J. The Spammers' Compendium. http://www.jgc.org/tsc/.
 Sharma, V.; Lewis, S. Exploiting spammers' tactics of obfuscations for better corporate-level spam filtering. Proceedings of the 16th Virus Bulletin International Conference 2006.
 Image-based spam makes a comeback. http://www.dmconfidential.com/blogs/column/Web_Trends/916/.