Pill spammers turn hackers to 'joe job' sites

Spammers are hacking into legitimate Web sites through unpatched vulnerabilities in the PHP scripting language to sidestep blacklists that block spam or bar access to known spammer sales sites, a security company said Thursday.


The tactic, said U.K.-based Sophos, is a form of "joe job" -- a term usually given to spam attacks expressly designed to blacken the reputation of a legitimate user or company. Here, though, the intention is to slip by anti-spam defenses.

"They're deliberately trying to avoid detection by spam filters using this technique," said Ron O'Brien, a Sophos senior security analyst.

The spammers first hack a genuine site by exploiting any of several unpatched PHP bugs. The open-source PHP, a server-side scripting language that can be embedded in HTML, is regularly hit with bugs. Since last Saturday, for instance, Symantec has identified four different critical vulnerabilities in PHP.

Once inside a legitimate site's server, the spammer can set up a redirect so that specific traffic heading its way will be shunted to the junk mailer's selling site. "To the naked eye, it looks like a regular spam message advertising Viagra and Cialis," said Graham Cluley, a senior technology consultant for Sophos. "But it is actually pointing to a site that is owned by someone who is probably completely unaware that spammers have hacked [them], and are redirecting visitors to an online pharmacy."

Most of the spam, Cluley said, touts cheap pharmaceuticals such as Cialis, Xanax, Ambien and Viagra. "Web surfers probably wouldn't even notice they are being hopped across the Net," he said. "The intention of the spammers is not to confuse their potential purchasers but to try and slip past anti-spam products."

PHP offers fertile hacking ground, said O'Brien. "There are known vulnerabilities in PHP, and it's used on a large number of sites."

Drug spam not only makes up a major chunk of all junk e-mail -- Symantec's data last month put its slice at 24 percent of the total, while Sophos pegged it much higher, at 60 percent for all of 2006 -- but it can also be dangerous.   



For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

