There are two ways of doing this - an easy "hack" and a "proper" way...
The easy way is simply to save your images with randomly assigned (GUID-type thing) filenames which can't be guessed. This doesn't stop people linking directly to your images once they know the filename of course, but unless your images are highly popular that is unlikely to be a problem, but it will stop them from finding images until you reveal the address.
The proper way is to write a custom handler; you can find an example
here[
^]. Note though that depending on your version of IIS you may need to perform some steps differently - that article assumes IIS6; once you get above this you need to write your config file differntly, for one thing...