Scams Spams, now in graphical flavors!! How to get rid of them?

Over here at an office I was doing IT support, the boss was using [del]LookOut![/del] Outlook Express (in XP) to check the mail, recently scam mails have hit hard, the ISP claims it can do little to help. (Funny how outfits like Google Mail have a simple way to report spam and then prevent spam from reappearing, but I digress.)

So they ask us to send samples of the spam and then I noticed an odd thing, 80% of the spam was text in a graphic!

This was one time that I have to say I guessed where this was going before I even took a look:

When we sent the info to the ISP, they replied to us that they can not open attachments (Security reasons for sure), ok then, it will be then a matter of selecting the text in the message and sending it to them to investigate… oh…

:smack: (I forgot for a moment that one cannot select text from a graphic file!)

Never fear! Use Optical Character Recognition software to read it and then send the message to the ISP…

Seems spammers already figured that out! In the spams I saw, they are using black fields and other odd colors or multicolored text to then discourage the use of OCR too!

So I searched and yes, security people already encountered such critters and the solution:

http://momusings.blogsome.com/2006/09/07/developments-in-spam-and-spamming/

However, it seems spammers are ahead of even him in this case!

Truly loathsome, and I hate the makers of this kind of Spam, but I have to say that I’m impressed.

So, to make it economically feasible, few reports are going to the ISP, but obviously there are better solutions (unfortunately using g-mail is not one of them for the business here). So, what is the best idea on how to route graphical Spam into the trash bin in Outlook? Is the ISP really so useless in helping deal with this? Any good anti-Spam tools left that can deal with this?

Personally I screen my mail with something called Mailwasher, it downloads a bit of the file so you can have a look at it and delete it at the ISP if you reckon it is spam.

That way nothing gets anywhere near my real Mail reader if I’m remotely suspicious.

The danger of things like Outlook is that they are too darn smart and launch the appropriate application for the type of file they find in an Email.

I don’t use Outlook, but rather Thunderbird, but I think this might help: I added a filter that sends any mail from people not in my address book with “content-type: multipart/related” to my trash bin.

I’d say almost as much as five times more junk mail gets trashed that way than through the regular spam filter.

I’ve created a rule: All mail with attachments is deleted except when they have certain words in the e-mail address. The words would be your own domain name and any other domains or users who might send you attachments. That’s a start. The list will require some tweaking, and you may have to put additional rules in front of it (if you do, be sure to tell it to stop processing more rules) to find other exceptions.

Thanks for the replies, can anyone point to examples of how to create those rules in Outlook? (Yeah, I know we should not use it, but as I said before this is a case where the client (boss) rules what ‘client’ to use.)

If you’re running on an Outlook Exchange server, there’s something new out there called Messaging Ninja that does pretty well at uprooting image-based spam.

Note that this runs on the server, rather than individual desktops.

Oh, mailbox rules in Outlook are pretty easy to set up. In the latest version, click on Tools, then Rules and Alerts… Click New Rule tab, then Start from a blank rule, and highlight Check messages when they arrive, and Next.

Select conditions - check the box “which has an attachment” (nearish to the bottom of the list) and Next. Click the box “delete it” or “permanently delete it” * and Next.

Exceptions - Here’s where you set up what will allow things through from trusted people.

“Except if from people or distribution list” works best in a corporate environment with a global address list.

“Except if subject contains specific words” works well if you tell people “Be sure to put ‘daffodil’ in the subject or I’ll never see it!” In the bottom pane, click on the underlined “specific words” and you can enter any number of key words.

Click Next, and give the rule a name such as “treat attachments as spam” or whatever you like. Make sure “Turn on this rule” is checked, and click Finish and Apply.

* The decision here is if you want to blindly have potential spam hit the bit-bucket without any chance of retrieval, or if you want them to go to the Deleted Items folder, where you can still access it.

I have a separate folder just for image spam. That way, I can occasionally check that the filter is working properly and that there are no false positives before I delete the messages.

For the record, when I checked my e-mail this morning, there were 30 messages in my regular junk folder and 124 in the image spam folder!
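
The filtering logic from the replies above (the "multipart/related" check, the attachment rule with sender exceptions, and the separate review folder), written out as an added example; it is not code from any poster, nor from Outlook or Thunderbird. The address book, trusted domain, "Image Spam" folder name and sample messages are assumptions constructed for illustration, and the exception list here matches the sender's domain rather than any word in the address.

```python
from email import message_from_string
from email.utils import parseaddr
# Assumed for this example: the address book and the trusted domains.
ADDRESS_BOOK = {"alice@partner.example"}
TRUSTED_DOMAINS = ("ouroffice.example",)

def is_trusted(sender):
    domain = sender.rpartition("@")[2]
    # Match the domain itself, not a substring of the address, so that
    # "ouroffice.example.bulk.invalid" does not pass as "ouroffice.example".
    return sender in ADDRESS_BOOK or any(
        domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def classify(raw):
    """Return the folder a raw message should be filed in."""
    msg = message_from_string(raw)
    # From is unauthenticated, so the exception list is a convenience only.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if is_trusted(sender):
        return "Inbox"            # exceptions run first, then stop
    parts = list(msg.walk())      # root message plus every MIME part
    if any(p.get_content_type() == "multipart/related" for p in parts):
        return "Image Spam"       # review folder, not permanent delete
    if any(p.get_content_disposition() == "attachment" for p in parts):
        return "Deleted Items"
    return "Inbox"

# Constructed sample messages (not real mail).
IMAGE_SPAM = """\
From: "Hot Stocks" <promo@bulk.invalid>
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body><img src="cid:img1"></body></html>
--b1
Content-Type: image/gif

(constructed placeholder for image bytes)
--b1--
"""
WITH_ATTACHMENT = """\
From: Alice <alice@partner.example>
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

(constructed placeholder for file bytes)
"""
print(classify(IMAGE_SPAM), "|", classify(WITH_ATTACHMENT))
```

Filing matches into a review folder keeps false positives recoverable, which is the trade-off the "delete it" versus "permanently delete it" footnote describes.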