Spammers use free Web services to shield harmful links


Spammers are abusing free Web services to make their spam links look more legitimate, according to e-mail security vendor MessageLabs Ltd.

One of the services, a photo hosting site called ImageShack, lets people upload different types of photo formats, including Flash files, said Paul Wood, a senior analyst at MessageLabs.

Flash files, which have the extension ".swf," can be used for animated graphics and to automatically redirect people to other Web sites — a feature that can be abused.

The attack involving ImageShack works like this: Spammers upload a Flash file and then copy the link for that file -- which comes from ImageShack's domain -- into a spam message. If the link is followed, the Flash file redirects the victim to a spam site, Wood said.

The technique offers an advantage for spammers. Antispam software will often scan links in e-mail and block any e-mails with suspicious-looking links. But ImageShack's domain is considered to have a good reputation, so messages won't be blocked.

"If you start blocking on domain name only, you can incur a lot of collateral damage," Wood said.

Another, more dangerous variation on this theme is a spam e-mail promoting a video. If the link is clicked, a Flash file redirects the victim to a site where a pop-up window immediately implores the user to download a codec supposedly needed in order to play the video file. Invariably, the file isn't a codec but rather some piece of malicious software.

Even if the spam link in the e-mail appears to be OK, there are many other ways to determine whether a message is spam.

The header -- or batch of information that shows where an e-mail came from and the path it followed -- can be used to tell if it came from a domain that has been prone to abuse and subsequently blocked, Wood said.

Google's Picasa photo service and Yahoo's Flickr don't allow Flash files. But that hasn't exempted Picasa from abuse: Spammers use Picasa to host images that are then incorporated into spam messages, Wood said.

Again, spammers are piggybacking on Google's good reputation. Images that are hosted on less reputable services or domains have a greater chance of being automatically blocked by security programs.

MessageLabs has also seen a similar type of abuse of Microsoft's Windows Live SkyDrive, which is an online file storage service, Wood said.

The scenario is almost the same: A link is connected to a file on SkyDrive, but then the link performs an HTML redirect to a dodgy site. SkyDrive also allows Flash files to be uploaded, offering another possible way to attack.
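An added example, not from the article or MessageLabs: a link check that leaves the trusted hosting domain allowed but flags links on it that point to Flash or HTML files, the two redirect vehicles described for ImageShack and SkyDrive. The host names, the extension list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit, unquote

# Assumption: hosts a reputation filter would allow outright (constructed names).
TRUSTED_HOSTS = {"img.photohost.example", "files.storage.example"}
# File types that can send the browser elsewhere once loaded.
ACTIVE_EXTENSIONS = (".swf", ".htm", ".html")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_urls(raw_message):
    """Return every http(s) URL found in the text and HTML parts."""
    msg = message_from_string(raw_message)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        urls.extend(URL_RE.findall(text))
    return urls


def classify(url):
    """Return 'active-on-trusted-host', 'trusted' or 'unknown-host'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in TRUSTED_HOSTS:
        return "unknown-host"  # left to the normal reputation checks
    # Decode %-escapes and ignore case and query string before testing the type.
    path = unquote(parts.path).lower().rstrip("/")
    if path.endswith(ACTIVE_EXTENSIONS):
        return "active-on-trusted-host"
    return "trusted"


def review_message(raw_message):
    """Pair each URL in the message with its classification."""
    return [(u, classify(u)) for u in extract_urls(raw_message)]


# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
From: sender@mail.example
Subject: Your photos
Content-Type: text/html; charset=utf-8

<p><img src="http://img.photohost.example/a/123/holiday.jpg"></p>
<p><a href="http://IMG.photohost.example/a/456/clip%2ESWF?x=1">Watch</a></p>
"""
```

A message with an `active-on-trusted-host` link can be scored or quarantined on that signal while ordinary image links on the same host pass, which avoids blocking the whole domain.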

 

Source: Computerworld
