ABUSE : Google Sites exploited to bypass spam filters
By Matthew Broersma,
ZDNet UK
06/Aug/2008
http://www.zdnetasia.com/news/security/0,39044215,62044570,00.htm
Spammers have added Google Sites to the arsenal of online tools used to get around junk-e-mail filters, according to a study published on Tuesday by messaging security firm MessageLabs.
Spammers had already been making use of Google Docs, Google Page Creator and Google Calendar as spam-hosting facilities, but Google Sites is a recent addition, according to the MessageLabs Intelligence Report for July 2008. Junk e-mailers are using the tool to automatically create Web pages with names composed of a string of random numbers and letters, resulting in an address that is more difficult for signature-based antispam tools to block, MessageLabs said.
The Google Sites abuse indicates that spammers are becoming more advanced at getting around the Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanisms used to defend against the automated sign-up tools frequently used by junk e-mailers, said MessageLabs' chief security analyst, Mark Sunner.
"While Google Sites spam accounts for only one percent of all spam currently, we anticipate that this technique's popularity will rival that of its predecessors: Google Docs, Calendar and [Page Creator] spam," Sunner said in a statement.
The report found that the number of new, malicious Web sites blocked each day has increased by 91 percent, from 2,076 in June, to a daily average of 3,968 in July, with the increase largely due to Web sites linked to SQL injection attacks. This particular form of Web-based threat is now at record levels, MessageLabs said.
The study found a new form of spam that is generated by botnets controlled by the Storm worm. The spam automatically downloads a rogue anti-spyware program called Antivirus XP 2008. The program displays a false list of malware infecting the user's system and demands the purchase of a license.
Out of all the Web-based malware intercepted in July, 83.4 percent was new, MessageLabs said.
Analyzed by the industry sector of the organization receiving the junk e-mail, MessageLabs found that spam levels have actually decreased for all except the non-profit sector, in which spam rose by 5.8 percent to account for 82.2 percent of all e-mail.
No comments:
Post a Comment