Spam is again on the rise, led by a flood of junk images that spammers have crafted over the past few months to trick email filters, according to security vendors.
Called image-based spam, these junk images typically do not contain any text, making it harder for filters that look for known URLs or suspicious words to block them.
Instead of a typed message, users will see only an embedded .gif or .jpeg image file urging them to buy pharmaceuticals or invest in penny stocks.
Antispam vendor, Cloudmark, said half of the incoming spam was now image-based on the "honeypot" systems it puts on the Internet to lure spammers.
"About a year-and-a-half ago we started seeing a little bit of it, but it wasn't until the past six months that it became a serious issue for many antispam companies," a senior research scientist with Cloudmark, Adam O'Donnell, said.
Image-based spam has jumped from about 1 per cent of all spam messages in June 2005 to around 12 per cent today, according to senior product manager with IronPort Systems, Craig Sprosts.
Its growth was helping to fuel a global resurgence in spamming, he said.
The total number of spam messages sent daily was up 40 per cent since April, Sprosts said.
Much of this new spam was coming from a relatively small group of spammers with control over very large zombie networks, of hijacked computers, he said.
Spammers now generate an estimated 55 billion messages per day, according to IronPort. A year ago that number was 30 billion email messages per day. The combination of greater volume and better techniques has meant more complaints for network administrators.
Administrators at Avnet had started stripping certain embedded image files out of all messages, after seeing an uptick in image-based spam two months ago, manager of messaging services with the US computer distributor, Rob Kudray, said.
One other tactic that is helping keep in-boxes full is the spammers' practice of constantly registering new domains.
Of the 35 million domains registered in April, 32 million were never paid for and expired after five days, Sprosts said.
Many of those domains were used by spammers to send out their unsolicited email during that five-day grace period, he said.
This technique makes it very difficult to blacklist email based on the URLs it contains.
"Traditional blacklists and whitelist approaches just can't keep up with how fast they're registering new domains and changing the URLs in the email," Sprosts said.