‘Ransom note’ e-mails could get past junk filters

Internet security researchers say there’s a new strain of e-mail annoyance to be on the lookout for: ransom note spam.

It’s called that, at least by one U.S. anti-spam vendor, because it resembles a ransom note – individual letters cut out from a newspaper and arranged to form words and sentences.

By keeping the letters separate until they’re assembled in a user’s inbox, it’s easier to sneak past a spam filter, said Penny Freeman, director of software sales engineering for Marshal Inc., an Atlanta-based security software company.

“If you have a text-based scanner that’s only going to look for specific letters or specific fonts it’s not going to detect this type of spam,” said Freeman. “With the ransom note, you allow the spam in, thinking it’s a good document. The words . . . activate the moment it’s all been put back together by your mail server.”

It also works for images. Instead of individual letters forming words, the pieces are parts of an image that become whole once the e-mail is received – like a jigsaw puzzle that only makes sense after it’s assembled. Not surprisingly, most of these types of image files are pornography, said Freeman.

She said that Marshal is able to combat this type of malware by using proprietary algorithms that recognize images based on body position, clothing and skin tone. The filters can be set according to the user’s requirements. Medical practitioners or advertising agencies who are used to seeing a little skin for legitimate reasons might set their filters low, whereas a school organization might set theirs on high.

Spammers are becoming more inventive out of necessity, said Joe Greene, an analyst for IDC Canada Ltd. Anti-spam companies are continually coming up with solutions, but the spammers themselves are usually able to discover new ways to reach inboxes.

“I think they’re always going to be ahead of the anti-spam people because they’re working with the anti-spam engines to see what they can do to get past them,” he said. “They’re going to be potentially one step ahead for the foreseeable future.”

David Skoll, president of Roaring Penguin Software Inc., a Nepean, Ont.-based security software provider, is used to the idea that he’s combating a persistent adversary.

“They’ll never exhaust the possibilities; it’s an infinite number,” he said. “I think it’ll reach almost a steady state where the filters are catching almost everything but there’s always going to be a vanguard of leading spammers who will be on the cutting edge and get past spam filters for a while.”

Skoll said he’s able to prevent the intrusion of unwanted images by simply setting his filters to only accept image files from trusted names. He said Roaring Penguin is able to deal with the worst of it because its anti-spam engine learns by being exposed to new problems. Roaring Penguin’s database is updated through customer feedback, so it learns what to filter out.

Spam will always be around, said Skoll, but even the spammers recognize that there are limits.

“It’s not really in the spammers’ interest to completely defeat filters and overwhelm everybody with spam because then people will stop using e-mail altogether. There’s a delicate balance where it has to be at a (tolerable) level of annoyance,” he said.

Comment: info@itbusiness.ca
