Technology Overview   StarEngine   Bullet Signature Database   RETIRE for Email-borne Malware   IBSEM for Image-based Spam   Phish Repellent   Edge Reputation Analysis   Community Submission Network   Technology Whitepaper (.pdf)   The Human-Touch Whitepaper (.pdf)   IBSEM™ for Image-Based Spam Mail-Filters has long been recognized in the industry as providing best-of-breed next generation, technology for spam and phishing detection. As spammers began utilizing a pervasive technique known as image-based spam, where graphic images are embedded into messages (as well as PDF files, spreadsheet, word-processing, and other applications documents that are attached to the messages), Mail-Filters was once again the first, and still the only, vendor in the industry to introduce a filtering solution specifically designed for the detection of this specific form of spam. IBSEM for image based spam compliments Mail-Filters STAR Engine and Bullet Signatures to detect both image-based and text-based spam without causing false-positives or creating any latency. Test Results The results of a two month long study, in a live data-center environment (to avoid skewed results that a lab environment creates) testing the Mail-Filters' technology (including IBSEM for Image Based Spam) against the leading competitive solutions showed that Mail-Filters consistently caught over 98% of all image-based spam while the nearest competitive solution never caught more than 65% (and usually significantly less) of the image-based spam. In addition, Mail-Filters created no false-positives and was able to continue to filter over 5,000 messages per second. Why Mail-Filters Can Detect Image-Based Spam While Mail-Filters Bullet-Signatures and STAR Engine have always performed significantly better than competitive solutions with image-based spam, even though they have been largely immune to the above mentioned spammer tricks and techniques, Mail-Filters felt it critical to develop a new technology to compliment its existing solution. This new technology was specifically designed to combat image-based spam and overcome the techniques used by spammers as highlighted above. The result is the Image Based Spam Elimination Module (IBSEM). IBSEM along with Bullet Signatures and the STAR Engine, and the rest of Mail-Filters' messaging security technology, has raised the bar in the ability to detect all forms of spam and phishing messages including image-based spam. Why The Competition Can't Detect Image-Based Spam Spammers are constantly developing new tricks and techniques to defeat the spam filters that are being used by consumers, enterprises, and service providers. Originally, spammers began using a technique known as image-based spam. Initially, all images used in a particular campaign were the same. This approach created significant trouble for heuristic-based technologies since there was no text (other than what appeared in the graphic image) to read. This is an example of a simple spam image that presents the spammers message with no text actually in the body of the email. Spammers then began to develop technology that would change a single pixel within an image; thus making each image within a campaign unique. This approach defeated the hash-based type of technologies because each hash created for an image was uniquely different from another resulting in each image appearing to be new and unknown as a spam message. These two examples show how spammers can change a few pixels in an image with lines, dots, colors, etc. to effectively change the image enough to defeat hash-based approaches. Note the dashes and dots around the text and how they differ between the two images. Spammers also began using bots, trojan horses, and other forms of malware, on a more wide-spread basis, by infecting individual PCs. These infected PCs are then used as spamming machines without the individual users realizing that anything is wrong. This approach made anti-spam filters that utilize technologies designed to monitor message traffic from specific sources useless in combating image-based spam campaigns since only a few messages are sent from any particular source. In an effort to detect these new forms of spam, anti-spam vendors have explored the use of OCR technologies (as well as other types of technologies) that would examine the text content that the image displays. In response, spammers utilized a variety of techniques with each image that rendered the OCR approaches ineffective. Some examples of these techniques include a use of both foreground and background colors, distorting the text, and so on. Equally problematic as a realistic solution is the fact that the techniques being employed by the anti-spam vendors has introduced significant overhead requirements and unacceptable latency issues. This spam image shows how spammers are using a variety of foreground and background colors, various font-sizes and distortion to defeat OCR type approaches. More recently, spammers have modified their technique from sending embedded or attached graphic images to sending attached PDF files, spreadsheet documents, and word processing files. Unlike graphic images that can be scanned using an OCR type technique (albeit not very effectively as described above) or a hash-based type technique (which has also proven to be very ineffective), PDF files have been virtually immune to these techiques and undetected by anti-spam filters. However, Mail-Filters' anti-spam filter has been able to detect and remove the PDF form of spam messages from the moment the first outbreak occured thanks to IBSEM!!!

Copyright © 2001-2009 Mail-Filters.com, Inc. All rights reserved. Terms Of Use   |   Privacy Policy   |   Trademarks   |   Contact Us