Email servers strain under doubled spam load
Much of the spam comes as images - that is, spammers make pictures, with the "sales pitch" text in them. Just about all the image spam I've seen is for illegal pump-n-dump penny stock scams, and they're getting through the spam filters.
I just got a press release from Secure Computing, which included the below chart that says image spam volumes have doubled lately:

This is vendor-supplied information, and should be treated as such, but everything I've seen so far points to Secure Computing being right. Other sources such as McAfee reckon image spam makes up around forty per cent of the total spam volume now.
Stopping this kind of spam is difficult, especially since some images are rendered dynamically according to the text in them and thus vary in size. I've found some useful rules for SpamAssassin at Wonko.com but have yet to install FuzzyOCR, an optical character recognition plug-in for SA. Having to use resource-intensive OCR doesn't seem like the right way to go. I'm going to see if I can make use of pf's ability to fingerprint connections from specific operating systems, and firewall off, say, Windows desktop ones.
Have also heard that "greylisting", which temporarily defers reception of email, is effective here.
Image spam takes up more bandwidth than text-based stuff, which in turn may be one reason the Internet seems to be in go-slow mode at the moment. Haven't had any confirmation about this yet though, so pure speculation on my part.
Where does the spam come from then? Well, it could be your Windows box, compromised using for instance the recent SpamThru trojan horse. The recent spam-flood has been accompanied by many more trojans being emailed out to users as well, I note. Clearly, the spammers are seeking more recruits to their bot armies.
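Greylisting as mentioned above, sketched as an added example (not code from the original post or from any mail server): the first delivery attempt for each client/sender/recipient triplet gets a temporary 451 reply, and a retry after a delay is accepted. The delay values, the class and function names, and the sample addresses are assumptions for illustration.

```python
import ipaddress

MIN_DELAY = 300        # assumed: seconds before a retry is accepted
MAX_AGE = 36 * 3600    # assumed: idle time after which a triplet is forgotten

class Greylist:
    """Temp-fail the first attempt of each (client net, sender, recipient) triplet."""

    def __init__(self, min_delay=MIN_DELAY, max_age=MAX_AGE):
        self.min_delay, self.max_age = min_delay, max_age
        self.seen = {}  # triplet -> (first_attempt, last_activity)

    @staticmethod
    def _key(client_ip, sender, recipient):
        # Match on the /24 (IPv4) or /64 (IPv6) so a retry from another
        # host in the same outbound pool is still recognised.
        ip = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False)
        return (str(net), sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply code for an RCPT at time `now` (seconds)."""
        key = self._key(client_ip, sender, recipient)
        entry = self.seen.get(key)
        if entry is None or now - entry[1] > self.max_age:
            self.seen[key] = (now, now)
            return 451                      # unknown or expired triplet: defer
        first = entry[0]
        if now - first < self.min_delay:
            return 451                      # retried too quickly: keep deferring
        self.seen[key] = (first, now)
        return 250                          # waited long enough: accept

def replay(attempts, greylist=None):
    """Feed (time, ip, sender, rcpt) tuples through the greylist; return reply codes."""
    gl = greylist or Greylist()
    return [gl.check(ip, s, r, t) for t, ip, s, r in attempts]

# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    (0,    "192.0.2.10",   "promo@example.net", "user@example.org"),  # sender that never queues
    (5,    "192.0.2.10",   "promo@example.net", "user@example.org"),  # immediate re-send
    (10,   "198.51.100.7", "alice@example.com", "user@example.org"),  # queueing MTA, first try
    (910,  "198.51.100.9", "alice@example.com", "user@example.org"),  # retry from same /24
    (1000, "198.51.100.7", "alice@example.com", "user@example.org"),  # later mail, same triplet
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The cost is that the first message from any new correspondent is held up for as long as the sending server waits before retrying.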
Comment by Troy, on 2-NOV-2006 03:05
Here's a link to the Secure Computing page which explains Image Spam and includes a link to a White Paper and Press Release on the subject.
Comment by Matt Beechey, on 3-NOV-2006 07:11
Just had a case yesterday of a client's email to me leaving their server to callplus at 12:43 in the afternoon - then being forwarded to my server at 11:38pm - that's 11 hours sitting inside callplus/Slingshot's network!!!!!
I accept their servers are getting bogged down with spam etc but that's ridiculous!
Comment by waiotahi, on 3-NOV-2006 20:03
Still can't send out on Ihug!!! - how long is this going to last - it's been a few days!
Comment by Matt Beechey, on 1-NOV-2006 21:04
I've installed FuzzyOCR recently but also installed Imageinfo - FuzzyOCR only kicks in if all other rules are exhausted and it's still below the spam score, and it's rarely running for me since updating to a newer SpamAssassin and installing "imageinfo". There's little documentation on this plugin yet but it analyzes the image sizes (dimensions) etc to determine if it could be image spam - I've had FAR fewer missed spam emails (around 1 every 2 days) and we get around 100 spam a day AFTER our server has kicked invalid recipients at the door using LDAP lookups. Our spam gateway is only a p3-733 with 256MB RAM but it is dedicated to the task and it seems to process the OCR VERY quickly.