Picasa and Flash become latest spam tools

Image site helps spammers elude filters

Shaun Nichols in San Francisco, vnunet.com 05 Sep 2008

Google's Picasa image hosting service is fast becoming the new tool of choice for spammers to elude email filters.

A recent report from security firm Message Labs said that the service is being used to host the images used in spam messages.

The images can be used for such purposes as pushing fake video files or running text that can elude spam filters.

The use of images in spam is not new. Spammers have long used image files as a way to evade the text-recognition features in spam filters.

The use of specialised imaging services such as Picasa, however, could make it even harder to combat.

Because Picasa is a Google service, the domains are rarely blocked by email filters as they are far more likely to be used to host an image that the user actually wants to receive.

The streamlined nature of the service, designed to make it easier for users to upload and manage their albums, is also appealing to spammers, according to Message Labs.

"The use of these images is very simple," the firm said. "Firstly, a Picasa Web Album is created using the Google account. The album can be marked as private or public, and even with a private album the images can still be used in an email."

The use of photo-sharing sites like Picasa are not the only way spammers are avoiding detection. Message Labs also pointed to Flash files as an emerging threat.

While some exploits have in the past been launched through Flash flaws, Message Labs found that spammers are now using the files to confuse users and redirect them to attack or phishing sites.

"Using this latest technique, spammers are able to bypass many traditional content filters since the link in the message relates to a legitimate website," said the company.

"It is expected to appear in spammed messages posted to comment pages of bl og sites and social networking sites."

See also: