Educause Security Discussion mailing list archives

Re: Image SPAM Increase?


From: "Bruggeman, John" <jbruggeman () HUC EDU>
Date: Wed, 19 Apr 2006 12:51:50 -0400

I'm seeing the same thing here at HUC-JIR; my Barracuda is not detecting
them.  I've tagged probably 50-75 emails in the Barracuda but so far
(24-48 hours after tagging) the 'Cuda has not tagged them as BULK.

I'm just hoping that the 'Cuda folks create some rules to get these
marked.

=====================================================
John Bruggeman   Director of Information Systems
Hebrew Union College - Jewish Institute of Religion 
Cincinnati *  New York * Los Angeles * Jerusalem
jbruggeman () huc edu

-----Original Message-----
From: Gary Flynn [mailto:flynngn () JMU EDU]
Sent: Wednesday, April 19, 2006 12:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Image SPAM Increase?



Over the past few weeks we've seen a slow increase in SPAM messages
related to stock market advice. We're starting to see regular reports
from our users of this new (for us) activity. The messages are
composed:

1) entirely of images

--or--

2) Images prepended with gibberish

Messages have been received from computers around the
world and sources don't seem to repeat.

Our email system is assigning them junkmail scores too
low to keep them out of regular mailboxes.

Anyone else seeing these? If not, do you know what is
keeping you from seeing them? Anti-spam device or
product? ORB list? SPF? Custom filter?

How would any SPAM filter be able to deal with a message
made up entirely of an image and sent from varying
computers? Is it safe to assume there are no filters
that have OCR capabilities :)

What actions do you take and/or what recommendations do
you offer to users when faced with an increase in
unfilterable messages?

thanks,

-- 
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
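
The two message shapes described in the thread (image only, or image plus gibberish) leave a structural trace in the MIME parts that a filter can score without OCR. The following is an added example, not part of the original thread or of any product named in it; the function names, thresholds, the vowel-based gibberish test and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

TAG_RE = re.compile(r"<[^>]+>")
WORD_RE = re.compile(r"[A-Za-z]{3,}")
VOWEL_RE = re.compile(r"[aeiouyAEIOUY]")

def image_spam_features(raw: bytes) -> dict:
    """Count image parts/bytes and visible words in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    image_parts, image_bytes, text = 0, 0, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "image":
            image_parts += 1
            image_bytes += len(part.get_payload(decode=True) or b"")
        elif part.get_content_maintype() == "text":
            body = part.get_content()
            if part.get_content_subtype() == "html":
                body = TAG_RE.sub(" ", body)  # an <img>-only HTML part has no visible text
            text.append(body)
    words = WORD_RE.findall(" ".join(text))
    # Crude gibberish signal (assumption): share of words containing no vowel.
    no_vowel = [w for w in words if not VOWEL_RE.search(w)]
    ratio = len(no_vowel) / len(words) if words else 0.0
    return {"image_parts": image_parts, "image_bytes": image_bytes,
            "words": len(words), "gibberish_ratio": ratio}

def classify(f: dict, max_words: int = 5, max_gibberish: float = 0.5) -> str:
    """Map features to a label; thresholds are illustrative, not tuned."""
    if f["image_parts"] == 0:
        return "no-image"
    if f["words"] <= max_words:
        return "image-only"
    if f["gibberish_ratio"] >= max_gibberish:
        return "image-plus-gibberish"
    return "image-with-text"

def build_sample(text: str = "") -> bytes:
    """Constructed sample: optional text plus a 1 KiB placeholder 'image'."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "sample"
    m.set_content(text)
    m.add_attachment(b"\x89PNG" + b"\x00" * 1020, maintype="image", subtype="png")
    return m.as_bytes()
```

The labels are meant as extra inputs to an existing junk-mail score rather than a verdict on their own, since legitimate mail can also be image-only.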
