Blogspot spam

February 2008

On readling a spam message received by our systems recently, I noticed that it contained only a link to a blog hosted by blogspot.com (Google's blog system, also known as Blogger.com).

Clicking on the link took me to an empty page containing only a link saying: "If you are not redirected click here". Almost immediately the page was redirected to another website.

I was curious so I downloaded the HTML code from blogspot.com. It contained only the following:

<meta content='0;URL=http://www.site.com' http-equiv='refresh'/>

I was certain that this was illegal code on the blogspot.com system, so I decided to test it for myself. I created a blog on blogspot.com, available here.

Here is how I created the post:

Blogspot spam - screenshot 1

As can be seen in the screenshot above, the system detected that the tags I had attempted to use were illegal and it produced a warning message and even blocked the post. However, when the tick box entitled "Stop showing title or body HTML errors for this post" was checked, there were no such errors or warnings and the system will created my post with the code exactly as I'd written it (see below).

Blogspot spam - screenshot 2

The post was published successfully and it even works - the page is redirected to www.avira.com after (approx.) 10 seconds.

Blogspot spam - screenshot 3

Blogspot.com has been informed about this and the spam blog has been submitted to them for investigation.

Sorin Mustaca, Avira

Poll

Should anti-virus software be free for personal use?
Yes
No
I don't know

Leave a comment
View 43 comments
Jobs Recruit Sidebar

Malware Prevalence

Agent |####################|
Zbot |##############|
Suspect packers |############|
Dropper-misc |###########|
Delf |#####|
 View this month's full report
Virus Bulletin currently has 144,127 registered users.