X
Government
Home Government

Outlook's security compromised by spammers

Spammers who send pornographic pictures in the hope of enticing the recipient to signing up to an adult Web site have discovered a way to bypass Outlook 2003's security features, which are designed to stop potentially offensive content being automatically displayed in the preview window.
Written by Munir Kotadia, Contributor
Spammers who send pornographic pictures in the hope of enticing the recipient to signing up to an adult Web site have discovered a way to bypass Outlook 2003's security features, which are designed to stop potentially offensive content being automatically displayed in the preview window.

The latest version of Microsoft's Outlook was built with a relatively sophisticated spam filter, but as the product's first birthday approaches, spammers are finding new ways to ensure that their unsolicited message go undetected.

In order to help fight spam, Microsoft armed Outlook 2003 with a Bayesian filter, which tries to recognise unsolicited messages by examining the words used and, depending on the frequency of certain key words, calculating the probability of that e-mail being spam.

The company also improved on previous versions of Outlook by allowing users to choose if an HTML email should be allowed to access the Internet and download content. This gives the user a chance to prevent the pornography from ever reaching his or her PC.

However, John Cheney, chief executive of e-mail-security firm BlackSpider Technologies, explained that one of the growing trends is for spammers to attach a pornographic image file to their e-mails and then use HTML code to display the attached image. This means that Outlook doesn't need to access the Internet before displaying the picture.

"Historically, spammers have been able to get the e-mails through by incorporating a link to the file. This is a change in tactic and we've been seeing a lot more of it recently," Cheney said.

Simon McNally, systems engineer at anti-spam firm Borderware, said the bonus for spammers is that they can now create an image that also displays words or a Web address that would otherwise have been intercepted by the spam filter.

"There are hardly any words in the body of the email because they are in the picture itself. This is very hard to track," said McNally.

But McNally points out that because the spammers now have to send an image file, they use more bandwidth and so the same volume of spam costs more and takes longer.

Another disadvantage for spammers is that they can no longer keep track of how many times their images are being viewed. The ability to track live e-mail addresses is likely to be more of an issue than the bandwidth and time constraints, as the majority of spam is sent from computers that have been hijacked by Trojan horses and viruses.

"The e-mail will be larger because it contains the attachment. But they will find an open relay and send it to as many people as possible," said McNally.

Microsoft could not be reached for comment.

ZDNet UK's Munir Kotadia reported from London. For more coverage from ZDNet UK, click here.

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now