Spam still comprises two-thirds of e-mail: Symantec

E-mail spam purveyors are varying their approaches to evade junk e-mail filters but spam levels remain unchanged, according to a new report by security software maker Symantec Corp.

The amount of spam sent in April remained at an average of about 65 per cent of messages observed, a figure consistent with previous months, Symantec said.

However, image spam unwanted messages whose text is sent as part of an image in order to evade text-based filtering dipped to 27 per cent in April, compared with 37 per cent in March, Symantec said in its State of Spam monthly report for May. It is unclear whether the change represents a trend away from image spam or is simply an aberration.

There are several new and growing trends and techniques that could herald the future of unwanted e-mail.

One new trend mentioned in the report is the emergence of "company character assassination spam," which involves negative messages about businesses, presumably designed to damage a firm's reputation and ultimately its revenues.

Photo-sharing sites being used

Spammers have also started using free image-hosting sites to wriggle through security defences designed to stop them. As increasing numbers of people share their photos by uploading them to free image-sharing websites and e-mailing a link to friends and family, so, too, are spam distributors.

By posting a message in the form of an image on a legitimate photo sharing website and using the URL (Universal Resource Locator) or web address in the e-mail they send, they can make it appear to security software as though the note is a legitimate one.

"The use of a randomized URL through a free image hosting service may add some difficulty to some anti-spam URL technologies that require a precise URL path," the Symantec report states. "However, any anti-spam technology that allows for pattern matching in URLs can easily account for this level of randomization."

In other words, such software should be able to detect strings of text in the web address that are common to spam and see such messages for what they are.

Nigerian e-mail scam, Iraq-style

Symantec also saw a variation on so-called 419 spam, named after an article of the Nigerian Criminal Code that deals with fraud in light of a tidal wave of e-mails that has claimed unwitting victims in recent years with a story about African dictators and a fortune to be shared.

The latest variation involves a U.S. soldier in Iraq who claims he found $750 million US on April 18, 2003, gave his $20 million US share to an English air force pilot for safekeeping, was discharged from the military, returned to the strife-torn country on humanitarian service, sustained a critical injury and now needs help to recover the $20 million. The helper's reward? $10 million.

An identity theft spam making the rounds in April promised that in exchange for personal information that includes the recipient's name, age, occupation and a copy of their identification, they would receive an automated teller card from the Zenith Bank of Benin and withdraw $1,500 a day to a maximum of $950,000.

Image spammers are also trying to get their messages to their targets by altering the e-mailed picture slightly so that it no longer matches known profiles.

Around the world, the top three categories for spam in the first quarter of 2007 were products at 22 per cent, financial and health missives at 21 per cent each, and internet at 16 per cent, Symantec said.