EmailSafety.net - Spammers cloak scams by redirecting through Google services

Spammers cloak scams by redirecting through Google services

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Community

RE: 5 critical security questions that IT and corporate leaders are asking

RE: Microsoft: Vista more secure than XP and open source

It appears the request for reread of a Cisco CCIE lab exam is a total waste of money

All security forums

Story tools

Sponsored by:

E-Mail article
Print article
Contact author	Reprint
AIM article	del.icio.us
Reddit	Digg
Stumble	Slashdot It!

Rather than inserting links to the actual pages touting their products, some junk mailers are sticking in links from domains registered with Google Page Creator -- the search engine's free Web page maker -- or accounts with Google's Blogger.com service, said Dan Hubbard, vice president of security research at Websense.

Read the latest WhitePaper - Enterprise Mobile Adoption - A Corporate Conundrum

"They'll send out a big long spam run, and include the URL they registered with Google Page or a blog service," said Hubbard. "But there's nothing on that page but a bunch of obfuscated JavaScript." The JavaScript simply redirects the user to the actual destination, where the spammer shills his products or services.

The tactic has been used my malware makers, but it has only recently been adopted by spammers, said Hubbard. Websense first noticed the technique in November, but "it was only earlier this month that it showed up in numbers." Websense has been intercepting "tens of thousands" of such e-mails daily, he claimed.

"Sometimes we'll see a run where they 'taste' the real URL, and then they'll do a much larger spam run with the Google Page URLs," said Hubbard, explaining how the spammers seem to be testing the efficacy of each. "It appears that they believe they get a more effective hit rate with the Google URLs."

That's likely, since most spam filters don't blink at letting through messages with embedded links to Google's services, Hubbard said. "It's a great way for them to hide [the fact that the message is] spam, and a good way for them to get it through filters."

The spammers have borrowed other parts of the ploy from malware authors, too. Just as some recent attacks have been launched using frequently-changing JavaScript, the redirect code placed on the Google Pages or on blogs can fluctuate, depending on the originating spam message. The scams are also using fast-flux techniques to rapidly change the resolving destinations of the links, said Hubbard.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites

Other stories on this topic

Community

Story tools

Sponsored by: