Spam and phishing mail

An animated August

We’ve recently detected yet another new trick being used by spammers.

Spam now isn’t just being sent as a static graphical image in an attachment, but as an animated image. Spammers are using GIF animation which will be recognized and displayed by all popular browsers.

Normally, animated spam has between two and four frames, only one of which actually contains significant information about the goods or service being promoted. The remaining frames simply act as background, or contain other pictorial elements. The main frame is displayed to the user for up to 10 minutes, while the remaining frames are displayed for mere tenths of a second.

The screenshot on the left shows the main frame of such a message. On the right is an example of one of the remaining frames (the original message contained three frames in all).

As far as we can tell, at the moment animation is confined to stock spam (i.e. spam which promotes specific stocks). However, there’s nothing to say that this technique won’t become widespread in the future.

Spammers are always developing new technologies in order to evade spam filters. Whether or not animation will make spam more difficult to detect isn’t yet clear. It’s true that a lot of spam filters don’t analyze the actual graphics in spam. The majority of them analyze the message structure, the text content and so on. Animated spam may well cause serious problems for simple filters which operate purely by analyzing text symbols, and which don’t analyze text in graphical form. However, such filters are ill-equipped to cope with any type of graphical spam, animated or not.

On the other hand, although animating the message is a novel trick, better spam filters are able to detect and filter out animated spam.
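The frame timing described above (two to four frames, one held for minutes, the rest shown for tenths of a second) is visible in the GIF file itself without decoding any pixels. The following is an added example, not code from the original article or any particular filter: it reads each frame's delay from the GIF Graphic Control Extension and applies an assumed heuristic. The function names, the 60 s and 1 s thresholds and the sample image are all constructed for illustration.

```python
import struct

def _skip_sub_blocks(data, pos):
    """Skip a chain of length-prefixed sub-blocks that ends with a 0 byte."""
    while data[pos]:
        pos += data[pos] + 1
    return pos + 1

def gif_frame_delays(data):
    """Per-frame display time in seconds, taken from the Graphic Control
    Extension (0x21 0xF9) that precedes each image; the field is in 1/100 s."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    # Header (6) + logical screen descriptor (7), then optional global color table.
    pos = 13 + (3 << ((data[10] & 7) + 1) if data[10] & 0x80 else 0)
    delays, pending = [], 0.0
    while pos < len(data) and data[pos] != 0x3B:       # 0x3B = trailer
        if data[pos] == 0x21:                          # extension block
            if data[pos + 1] == 0xF9:
                pending = struct.unpack_from("<H", data, pos + 4)[0] / 100
            pos = _skip_sub_blocks(data, pos + 2)
        elif data[pos] == 0x2C:                        # image descriptor
            flags = data[pos + 9]
            pos += 10 + (3 << ((flags & 7) + 1) if flags & 0x80 else 0)
            pos = _skip_sub_blocks(data, pos + 1)      # +1: LZW minimum code size
            delays.append(pending)
            pending = 0.0                              # a delay applies to one frame only
        else:
            raise ValueError("unexpected block type")
    return delays

def one_long_frame_pattern(delays, long_s=60.0, short_s=1.0):
    """Assumed heuristic: 2-4 frames, exactly one held >= long_s seconds,
    every other frame shown for < short_s seconds."""
    held = sum(d >= long_s for d in delays)
    brief = sum(d < short_s for d in delays)
    return 2 <= len(delays) <= 4 and held == 1 and brief == len(delays) - 1

def build_sample(delays_cs):
    """Constructed test input: 1x1 GIF with one frame per delay (in 1/100 s)."""
    out = b"GIF89a" + struct.pack("<2H3B", 1, 1, 0x80, 0, 0) + b"\x00" * 3 + b"\xff" * 3
    for d in delays_cs:
        out += b"\x21\xF9\x04\x00" + struct.pack("<H", d) + b"\x00\x00"   # GCE
        out += b"\x2C" + struct.pack("<4HB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00"
    return out + b"\x3B"

if __name__ == "__main__":
    d = gif_frame_delays(build_sample([10, 60000, 20]))
    print(d, one_long_frame_pattern(d))
```

The delay field is 16 bits of hundredths of a second, so a single frame can be held for at most about 655 seconds. Truncated input raises `IndexError` or `struct.error`, which a filter should treat as an unparseable attachment rather than a clean one.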
