MessageLabs, the leading provider of messaging and web security services worldwide, announced the results of its MessageLabs Intelligence Report for August 2008. This report highlights that Google's Picasa image hosting service and Flash files have become the latest tools used by spammers to spread their malicious content.
Images have been used in spam for a long time. Spammers use this technique to trick anti-spam filters by defeating their text-recognition features. However, the fact that they have started using specialized image services such as Picasa indicates that fighting spam will now become even more complicated.
Picasa is a software application created by Idealab and used to organize and edit digital photos. In July 2004, Google acquired Picasa and began offering it as a free download, so it is now a Google service designed for sharing photos. As a result, email filters rarely block its domains, because the same domains are far more often used to host images that the user actually wants to receive.
Chief Security Analyst at MessageLabs, Mark Sunner, notes that "not only are the links contained within the spam emails difficult for traditional anti-spam filters to detect as they appear to be legitimate URLs, but it is also much more unlikely such filters will block emails based on the URLs they contain without causing significant collateral damage."
The popularity of this technique can also be partly ascribed to how simple the images are to use. A Picasa Web Album is created using a Google account. The album is marked as either private or public, and even with a private album, the images can still be used in an email.
It is important to note that photo-sharing websites are not the only way spammers try to avoid detection.
Spammers are also increasingly using Flash files. Adobe Flash (previously called Shockwave Flash and Macromedia Flash) is a set of multimedia software created by Macromedia and currently developed and distributed by Adobe Systems. It is usually used to create animation, advertisements, and various web page components, to integrate video into web pages, and to develop rich Internet applications. Files in the SWF (ShockWave Flash) format usually have a .swf file extension and may be embedded as an object in a web page.
Spammers use Adobe Flash to host .swf files that cause Web browsers to redirect to the spammer's site. MessageLabs notes that "Using this latest technique, spammers are able to bypass many traditional content filters since the link in the message relates to a legitimate website."
The company also declares that "it is expected to appear in spammed messages posted to comment pages of blog sites and social networking sites." Therefore, stay careful and look with suspicion at any Picasa- and Flash-related emails in your inbox.
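An added example (not from the MessageLabs report) of how a filter can react to both techniques without blocking the hosting domain: it extracts content signals from the message itself, namely an image on a photo-sharing host with almost no readable text, and any link or embed that points to a .swf file. The host name `photos.example.com`, the 40-character threshold and both sample messages are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

IMAGE_HOSTS = {"photos.example.com"}  # assumed stand-in for a photo-sharing host
MIN_TEXT_CHARS = 40                   # assumed cut-off for "almost no readable text"

class _Scan(HTMLParser):
    """Collects image hosts, .swf URLs and visible text from one HTML part."""
    def __init__(self):
        super().__init__()
        self.img_hosts, self.swf_urls, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("src", "href", "data") or not value:
                continue
            try:
                url = urlparse(value)
            except ValueError:  # malformed URL, e.g. a broken IPv6 literal
                continue
            if tag == "img" and url.hostname:
                self.img_hosts.append(url.hostname.lower())
            if url.path.lower().endswith(".swf"):
                self.swf_urls.append(value)

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())

def score_message(raw, image_hosts=IMAGE_HOSTS):
    """Return content signals for one RFC 822 message passed as a string."""
    scan = _Scan()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            scan.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hosted = [h for h in scan.img_hosts if h in image_hosts]
    return {  # image on a trusted host with next to no text; links to Flash files
        "hosted_image_only": bool(hosted) and len(" ".join(scan.text)) < MIN_TEXT_CHARS,
        "swf_links": scan.swf_urls,
    }

# Constructed sample messages (not taken from the report).
HEADERS = "From: a@example.org\nMIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
SPAM_SAMPLE = HEADERS + ('<a href="http://files.example.net/promo.swf">'
                         '<img src="http://photos.example.com/album/1.jpg"></a>')
HAM_SAMPLE = HEADERS + ('<p>Here are the pictures from the family trip last weekend, enjoy!</p>'
                        '<img src="http://photos.example.com/album/2.jpg">')
```

The two signals are meant to feed a spam score alongside sender reputation and other checks; the ordinary photo-sharing message in `HAM_SAMPLE` uses the same host and raises neither.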