More images slip past spam detection filters
Published 9:00 pm Saturday, July 1, 2006
Spammers are increasingly sneaking their messages past e-mail filters by sending their pitches as images rather than text, spam experts say.
The images fool some filters because they have no easy way of knowing whether a graphical file contains an innocent photograph of a friend’s birthday party or embedded text pitching Viagra or a company’s stock.
The development marks yet another escalation in the battle between spammers and filter developers: As software gets smarter at detecting junk, spammers get smarter at fooling the filters.
Until last year, the use of image spam has been in decline as anti-spam filters figured out how to detect it – often by applying a mathematical formula to known spam images and generating a unique signature that software can use to flag junk, said Craig Sprosts, senior product manager for anti-spam vendor IronPort Systems Inc.
But earlier this year, tools began circulating among spammers to automatically vary images ever so slightly – a change in color here, a slightly larger border there. That changes the signature, helping it escape detection.
“If you are trying to fingerprint that image, it appears different every time,” said Dmitri Alperovitch, principal research scientist at anti-spam vendor CipherTrust Inc.
Since April, IronPort has seen a 40 percent increase in image spam sent to so-called “honeypot” accounts set up solely to attract junk messages for analysis. IronPort and CipherTrust both say that image spam now accounts for 15 percent of all spam, up from 1 percent earlier in the year.
Image spam can also tax e-mail systems because each message is about 7.5 times larger than regular spam, Sprosts said.
Virtual boxes separate the good from the potentially bad: A vendor of security software wants to make the Web safer to browse by creating virtual boxes set off from the rest of your machine.
Unlike firewall-based approaches that rely on blocking malicious programs and other attacks, GreenBorder Technologies Inc.’s software works by allowing such traffic but preventing it from doing any damage elsewhere.
GreenBorder Pro won’t replace a firewall or anti-virus software but could supplement them by shielding your documents from programs that attempt to erase files, spy on their contents or perform other malicious acts, the company says.
Microsoft Corp.’s Internet Explorer browser essentially runs in a virtual box created by GreenBorder (support for Mozilla’s Firefox is coming). Should you inadvertently encounter a malicious program or hacker attack, the company said, any problems are limited to that box, not your entire machine.
But unlike traditional virtual machines, where two operating systems run in parallel with limited interaction between the two, GreenBorder promises to let you still open downloaded files with word processing, media players and other applications outside the box. Separate virtual boxes are created to run those files.
The technology has limits, though. Because it’s browser-based, it protects only Web-based e-mail accounts, not ones you may access through a standalone e-mail program. It won’t automatically protect instant-messaging files, nor will it prevent you from falling for “phishing” scams that trick you into revealing passwords at fake sites.
And you’ll need to take an extra step or two when installing legitimate software from the Internet – GreenBorder will automatically assume it’s malicious.
GreenBorder Pro and a file-management companion cost $65 a year combined following a free introductory period.
Lassie can go home: A U.N. agency in Geneva has ruled that ownership of the lassie.com domain name must be handed to New York-based Classic Media Inc., the firm that owns rights to the popular TV series Lassie about an adventurous collie.
Classic Media filed a complaint to the World Intellectual Property Organization over the use of the star dog’s name in an Internet address registered by Warren R. Royal of Cumming, Ga., the agency said Wednesday.
“In the United States, ‘Lassie’ is one of the most widely known dogs in film, television and print,” a WIPO panel of arbitrators said in a ruling dated June 19. “She has been an American icon since the story of a lost collie finding her way home first appeared in 1938.”
The panel, which was created in 1999, allows those who believe they have the right to a domain to gain control of it without having to fight a costly legal battle or pay large sums of money.
The Lassie ruling follows a number of high-profile cases in which so-called “cybersquatters” register domain names for a small fee in order to sell them back to companies and individuals with a claim to the name.
The arbitrators said Royal had acted in “bad faith” by registering and “passively holding” the address, even though it was inactive for the past four years. From 1999 to 2002, the site was used by Royal as his unofficial Lassie fan-site, they said.
Royal told the panel that he shut down the site “due to economic conditions” in 2002 and never revived it.
The panel ordered the domain name transferred to Classic Media, which owns 17 Lassie trademark registrations.
Qualcomm to remedy royalties issue in India: Qualcomm Inc. says it may use some of the royalties earned from mobile phone sales in India to fund research projects here in an apparent move to counter demands for a cut in its royalty rates.
Qualcomm, the San Diego-based wireless technology company, has been under pressure from Indian mobile phone companies to cut royalty fees from companies that sell phones based on a technology it helped develop, known as CDMA, or code division multiple access. Local companies say the fees in India are higher than those charged in China.
But Qualcomm chief executive Paul Jacobs said the key issue was the cost of producing handsets. He said that such costs could be lowered with further research and development and that Qualcomm was looking to fund research work by public institutions in India with some of the royalties earned here.
Qualcomm and the Indian companies won’t disclose the rates, but industry experts say the company charges nearly 5 percent royalty on sale of CDMA phones in India compared to just 2 percent in China and South Korea. India contributes 2.2 percent to Qualcomm’s worldwide royalty collection.
