Network Box Developed Protection Against New Defence-Resistant Spam

By | September 5, 2006

Network Box has developed a filter to protect against a new kind of spam email that is swamping networks and is hard to detect. ‘Multi-Defence-Resistant’ (MDR) image spam, named by Network Box, are spam emails that at first glance appear to be identical to each other, but that actually originate from multiple sources across different countries, and include digitally different copies of the same image within the email.

This makes them difficult to identify and block using traditional spam filtering techniques. As a result, Network Box has released a set of new anti-spam modules, to extend the heuristic and signature functionality of its filters.

Network Box developed the new modules after conducting in-depth analysis of 1,204 samples of this spam as it arrived at a single Network Box filter. This analysis showed that the spam emails came from 600 unique senders in 41 different countries and included 599 digitally different copies of the GIF image (all of which “appeared” to be the same). Without a single sender, source IP identification, message structure, or unique digital fingerprint to lock-on to, it is very difficult to detect and block such spam (without an unacceptably high false-positive rate).

Network Box’s statistics show that the rate of such MDR spam has been rapidly increasing over the past few weeks (from less than 0.1 per cent of all spam this time last year, to up to 18 per cent of all spam this week). Overall, image spam has increased from one per cent, this time last year, to around 25 per cent this week.

Network Box’s new anti-spam modules examine the content of images contained in emails, in the same way that it deals with textual content. The modules include: a suite of algorithms, including OCR (Optical Character Recognition); heuristic analysis; image structure; textual content; pattern matching; fuzzy signature; and object validation to combat this growing threat of MDR image spam.

The new modules released have been tested against recent MDR image spam corpuses, and found to be almost 100 per cent effective (99.99 per cent) in detecting and blocking such spam emails, with an almost zero false positive rate (false positives are genuine emails, blocked as spam). But, more importantly, the inclusion of such a suite of techniques allows Network Box to adapt its anti-spam solution to emerging variants of these threats. This protection has already been pushed to all Network Box customers globally, and is available immediately.

Leave a Reply