Global spam has increased nearly 100 percent year on year according to current statistics from the IronPort Threat Operation Center—a key driver of which is the proliferation of image-based spam.

According to IronPort’s statistics, worldwide spam levels in October 2005 were 31 billion messages per day. That figure has risen to 61 billion messages per day in 2006.

25 percent of this spam was image-based compared to 4.8 percent the year before. The average message size also increased from 8.9 kilobytes to 13 kilobytes. Global spam contributed to more than 819 terabytes of bandwidth per day during 2006.

IronPort squarely lay the blame on the falling "catch rates" of spam on signature-based antivirus solutions. IronPort marketing vice president Tom Gillis said rapidly changing randomization techniques, the basis of image spam, are counteracting signature-based tools.

Adam Biviano, Trend Micro premium services manager, said image-based spam is one technique that does circumvent "legacy" security software, adding that is why the majority of tools now incorporate more than one form of detection method.

"If you look at 25 percent of image-based spam being hard to pick up with a signature-based tool, that still leaves 75 percent of spam out there for which there are already signatures," Biviano said.

"Image-based spam is definitely one of the techniques employed to get around legacy technologies, which is why spam filters look at more than image content for traffic patterns associated with sources and use reputation databases.

"A combination of technology needs to be used because the spammers know how to get around some products."

Paul Ducklin, Sophos Australia and New Zealand head of technology, said image spam is becoming a more prevalent form of spam because it defeats older, simpler spam-classifying engines.

Ducklin said any product relying solely on text-oriented classification will struggle because of the lack of words. Bayesian filters have the same shortcomings.

"This is not anything new, and there are lots of tools available to construct images—put background speckles in it and even use multilayered images in a GIF file across three different layers, so when superimposed the message is legible," Ducklin said.

"There are a lot of legitimate e-mails already with corporate logos, and the reason so many companies send mail like this is that marketing people say it gets a better response, so it is not surprising spammers are doing the same thing."

Rob Forsyth, Sophos country manager, agreed with image-spam levels being around 25 percent of all global spam. Forsyth said at times this figure can peak at 40 percent.