Spammers quick to "captcha" through use of images

"Insidious designs" defeat technology

Image-based spam now accounts for more than one-third of all spam clogging the Internet.

Details of the new threat were released in a monthly security report entitled The State of Spam, which was issued today by Internet security vendor Symantec.

The report analysed global spam levels in December and found more insidious design behind spam today than in previous years.

Alarmingly, spam levels reached 80 per cent of all messages during December. However, a more insidious threat, the use of spam to defeat Optical Character Recognition (OCR) technology, was more prevalent.

Around December 16, 2006, global image spam accounted for more than 45 per cent of all spam, falling to 35 per cent later in the month.

Dubbed Captcha (Completely Automated Public Turing Test to Tell Computers and Humans Apart), this image spam is used widely online to prevent unwanted access by automated programs.

"Users who have been asked to enter letters and numbers which correspond to a graphic showing a wavy string of characters have used a Captcha," the report said.

"Spammers are experimenting with Captcha to evade spam detection by systems that are heavily reliant on optical character recognition (OCR) technology.

"The technology creates randomized text with distorted characters that can be identified by humans, but are intended to not be recognizable by computers."

Spam level statistics from security vendor Marshal state even the average spam message size through December 2006 increased as a result of the effectiveness of image spam.

According to Marshal's TRACE (Threat Research and Content Engineering) team, image spam hit record highs in December.

The vendor said in the week of December 19, 2006, image spam reached a high of 48.9 per cent of all spam.

Paul Ducklin, Sophos Asia Pacific head of technology, said the Sophos Security Threat Report 2007, to be released tomorrow, shows the image spam percentage in December 2006, on a global scale, to be around 35 per cent, up from 18.5 per cent in 2006.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Marshal8e6SophosSymantec

Show Comments