Spammers cloak scams by redirecting through Google services

Thousands of Google Page and Blogger accounts mask spam links

Spammers are using thousands of Google accounts to camouflage their scams from anti-spam filters, a security researcher said Friday. He dubbed the practice "Spam 2.0."

Rather than inserting links to the actual pages touting their products, some junk mailers are sticking in links from domains registered with Google Page Creator -- the search engine's free Web page maker -- or accounts with Google's Blogger.com service, said Dan Hubbard, vice president of security research at Websense.

"They'll send out a big long spam run, and include the URL they registered with Google Page or a blog service," said Hubbard. "But there's nothing on that page but a bunch of obfuscated JavaScript." The JavaScript simply redirects the user to the actual destination, where the spammer shills his products or services.

The tactic has been used my malware makers, but it has only recently been adopted by spammers, said Hubbard. Websense first noticed the technique in November, but "it was only earlier this month that it showed up in numbers." Websense has been intercepting "tens of thousands" of such e-mails daily, he claimed.

"Sometimes we'll see a run where they 'taste' the real URL, and then they'll do a much larger spam run with the Google Page URLs," said Hubbard, explaining how the spammers seem to be testing the efficacy of each. "It appears that they believe they get a more effective hit rate with the Google URLs."

That's likely, since most spam filters don't blink at letting through messages with embedded links to Google's services, Hubbard said. "It's a great way for them to hide [the fact that the message is] spam, and a good way for them to get it through filters."

The spammers have borrowed other parts of the ploy from malware authors, too. Just as some recent attacks have been launched using frequently-changing JavaScript, the redirect code placed on the Google Pages or on blogs can fluctuate, depending on the originating spam message. The scams are also using fast-flux techniques to rapidly change the resolving destinations of the links, said Hubbard.

The trend is toward a tighter link -- no pun intended -- between spam and seemingly legitimate domains, just as there has been a move by hackers to exploit legitimate Web sites to host their attack code. "Spam with a [spam site] link in it, there are all kinds of way to catch that," said Hubbard. "But spammers are moving toward the Web [host] side of things now, too."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?