Spammers link to site containing QR code
Curious users may scan URL and end up on pharma websites.
Researchers at Websense have discovered spam containing links to a site containing a QR code in which the spam's
target URL is encoded.
A QR code is a two-dimensional variant of a barcode - which can thus contain more information than a barcode. QR codes have
become a popular way to encode URLs: most smartphones have apps that are capable of scanning QR codes and will then
automatically point the user's browser to the corresponding URL.
Because QR codes are opaque to the human eye, there is no way to guess whether the corresponding site is legitimate; for
this reason, security researchers have already pointed out the potential for abuse by spammers and malware authors. (Indeed, in
September last year, researchers at Kaspersky found some examples of websites containing
QR codes linking to
malware.)
The current spam wave does not use QR codes directly. Instead, it links to 2tag.nl - a site that combines a URL
shortener and creates QR codes of the short URLs as well. When a hyphen is appended to the shortened URL, the user
remains on 2tag.nl and sees the QR code.
It should be noted, however, that the target URL is visible on the same page. In the examples we have seen, it is
clear that the sites contain pharamacy spam. However, it is possible that not everyone will notice this - and many a
curious user may be tempted to scan the QR code visible on their screen.
2tag.nl appears to be a legitimate website, though its blog and its social media accounts have not been updated since
last spring. Nevertheless, we have informed them about this abuse of their service.
More at Websense here.
10 January 2012
Tags:
qr-code, spam, url-shortener.
del.icio.us 
digg this
0 comments
