Fighting malware and spam

Cracked CAPTCHAs used to create malicious blogs

Blogs on Google's blogging system redirect to spam sites.

Spammers are using botnets to mass-create phony blogs on Google's free Blogger system, with the phony entries redirecting to spam sites.

According to research by security company Websense, a large botnet is used to surpass the CAPTCHAs used by Google in an attempt to prevent automatic registration of blogs. As seen in similar cases, the success rate of cracking the CAPTCHA is relatively low (in this case it is believed to be between 8 and 13 per cent), but still high enough for a large botnet to create a significant number of blogs.

Since many spam filters block emails that contain links to sites that are known to spam and/or serve malware, spammers have started to use tricks to hide the URL. One such trick is the use of Google's "I'm feeling lucking" button, together with a cleverly constructed search, while recently an open redirect in Google's AdSense has been used to trick spam filters into believing a URL is harmless.

By making use of the facility in Blogger to have a blog redirect to an entirely different website, spammers have managed to obtain a large number URLs on the blogspot.com domain that redirect to their sites. Such URLs occur in many genuine emails and there is no way for a spam filter to decide whether such a URL links to a real blog, other than by following the link and studying the actual website.

Details of the Websense researchers' findings are here.

25 April 2008

Tags: blogger, captcha, spam.   

0 comments

Comments are closed.