Google's Picasa image hosting service is fast becoming the new tool of choice for spammers to elude email filters.
A recent report from security firm Message Labs said that the service is being used to host the images used in spam messages.

Image site helps spammers elude filters
vnunet.com, 05 Sep 2008
Google's Picasa image hosting service is fast becoming the new tool of choice for spammers to elude email filters.
A recent report from security firm Message Labs said that the service is being used to host the images used in spam messages.
The images can be used for such purposes as pushing fake video files or running text that can elude spam filters.
The use of images in spam is not new. Spammers have long used image files as a way to evade the text-recognition features in spam filters.
The use of specialised imaging services such as Picasa, however, could make it even harder to combat.
Because Picasa is a Google service, the domains are rarely blocked by email filters as they are far more likely to be used to host an image that the user actually wants to receive.
The streamlined nature of the service, designed to make it easier for users to upload and manage their albums, is also appealing to spammers, according to Message Labs.
"The use of these images is very simple," the firm said. "Firstly, a Picasa Web Album is created using the Google account. The album can be marked as private or public, and even with a private album the images can still be used in an email."
The use of photo-sharing sites like Picasa are not the only way spammers are avoiding detection. Message Labs also pointed to Flash files as an emerging threat.
While some exploits have in the past been launched through Flash flaws, Message Labs found that spammers are now using the files to confuse users and redirect them to attack or phishing sites.
"Using this latest technique, spammers are able to bypass many traditional content filters since the link in the message relates to a legitimate website," said the company.
"It is expected to appear in spammed messages posted to comment pages of bl og sites and social networking sites."

Threatening emails are designed to get internet users to hand over their money
New attack exploits war in former Soviet state
Male enhancement still at large

Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Intel explains how its Xeon processors can handle data-intensive apps

Thomas speaks out on government databases and data privacy
Do you agree?
Have your say on this article