Porn spammers sneak images into Outlook
Published: 21 Jun 2004 16:00 BST
Spammers who send pornographic pictures in the hope of enticing the recipient to signing up to an adult Web site have discovered a way to bypass Outlook 2003's security features, which are designed to stop potentially offensive content being automatically displayed in the preview window.
The latest version of Microsoft's Outlook was built with a relatively sophisticated spam filter, but as the product's first birthday approaches, spammers are finding new ways to ensure that their unsolicited message go undetected.
In order to help fight spam, Microsoft armed Outlook 2003 with a Bayesian filter, which tries to recognise unsolicited messages by examining the words used and, depending on the frequency of certain key words, calculating the probability of that e-mail being spam.
The company also improved on previous versions of Outlook by allowing users to choose if an HTML email should be allowed to access the Internet and download content. This gives the user a chance to prevent the pornography from ever reaching his or her PC.
However, John Cheney, chief executive of email-security firm BlackSpider Technologies, explained that one of the growing trends is for spammers to attach a pornographic image file to their emails and then use HTML code to display the attached image. This means that Outlook doesn't need to access the Internet before displaying the picture.
"Historically, spammers have been able to get the emails through by incorporating a link to the file. This is a change in tactic and we've been seeing a lot more of it recently," Cheney said.
Simon McNally, systems engineer at anti-spam firm Borderware, said the bonus for spammers is that they can now create an image that also displays words or a Web address that would otherwise have been intercepted by the spam filter.
"There are hardly any words in the body of the email because they are in the picture itself. This is very hard to track," said McNally.
But McNally points out that because the spammers now have to send an image file, they use more bandwidth and so the same volume of spam costs more and takes longer.
Another disadvantage for spammers is that they can no longer keep track of how many times their images are being viewed. The ability to track live email addresses is likely to be more of an issue than the bandwidth and time constraints, as the majority of spam is sent from computers that have been hijacked by Trojan horses and viruses.
"The email will be larger because it contains the attachment. But they will find an open relay and send it to as many people as possible," said McNally.
Microsoft could not be reached for comment.
Did you find this article useful?
150 out of 233 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
10 comments
-
What a load of tosh. Outlook 2003 blocks HTML to s... Anonymous -
I am such a sucker. I thought the article was act... Anonymous
-
Spammers can test their emails using Outlook 2003.... Nick Lansley
-
You really need to get your facts right. All HTML... Neil Hamilton Murray
-
I think our story makes an interesting and valid p... Michael Parsons
-
Damn! It wasn't an article about a new Easter Egg. Anonymous
-
This article fails to communicate the reason for b... Anonymous
-
Bayesian filter in Outlook 2003? I think not.
Yo... Anonymous
-
Hi,
but this whole story is nothing new to be hone... Anonymous
-
I use Outlook Express 6, and have an excellent way... David Pope
