Spammers cloak scams by redirecting through Google services
- 28 January, 2008 08:00
Spammers are using thousands of Google accounts to camouflage their scams from anti-spam filters, a security researcher said Friday. He dubbed the practice "Spam 2.0."
Rather than inserting links to the actual pages touting their products, some junk mailers are sticking in links from domains registered with Google Page Creator -- the search engine's free Web page maker -- or accounts with Google's Blogger.com service, said Dan Hubbard, vice president of security research at Websense.
The tactic has been used my malware makers, but it has only recently been adopted by spammers, said Hubbard. Websense first noticed the technique in November, but "it was only earlier this month that it showed up in numbers." Websense has been intercepting "tens of thousands" of such e-mails daily, he claimed.
"Sometimes we'll see a run where they 'taste' the real URL, and then they'll do a much larger spam run with the Google Page URLs," said Hubbard, explaining how the spammers seem to be testing the efficacy of each. "It appears that they believe they get a more effective hit rate with the Google URLs."
That's likely, since most spam filters don't blink at letting through messages with embedded links to Google's services, Hubbard said. "It's a great way for them to hide [the fact that the message is] spam, and a good way for them to get it through filters."
The trend is toward a tighter link -- no pun intended -- between spam and seemingly legitimate domains, just as there has been a move by hackers to exploit legitimate Web sites to host their attack code. "Spam with a [spam site] link in it, there are all kinds of way to catch that," said Hubbard. "But spammers are moving toward the Web [host] side of things now, too."