Are Spammers Giving Up on Image Spam?

McAfee Avert Labs has just published my white paper on “Image Spam: The New Email Scourge.” You have your choice of seven languages, and you can find the English version here.

Since that paper was written, we’ve seen a marked change in recent image spam stats, so I thought I’d give you an update. Following a large increase in 2006, image spam remained steady during the first quarter of 2007 and accounted for up to 60 percent of all spam. During the last few weeks, however, there has been a significant reduction in spam that contains embedded images, dropping from 59 percent at the start of April to 12 percent earlier this week.

For the last year and a half image spam has typically contained embedded .GIF, .JPG, or .PNG images. Spammers, particularly German “pump and dump” stock spammers, are now uploading the spam images to free image-hosting and photography sites such as imageshack.us and imagehosting.com and are linking to those images in their spam rather than including the pictures in the email.

Another recent trend is spammers posting spam images onto compromised Web servers and then linking to the image in their spam.

The amount of hosted image spam does not currently make up for the reduction in embedded image spam, but it is increasing in the same way that previous image spam has, as more spammers jump on this bandwagon.

During the last 24 hours embedded image spam has again increased to 31 percent of spam, so whether the pump-and-dump spammers were having a holiday during April and are now back at work, or if this is a temporary increase, remains to be seen. The chart below shows the amount of spam containing embedded images since September last year.