Blogspot spam

February 2008

On reading a spam message received by our systems recently, I noticed that it contained only a link to a blog hosted by blogspot.com (Google's blog system, also known as Blogger.com).

Clicking on the link took me to an empty page containing only a link saying: "If you are not redirected click here". Almost immediately the page was redirected to another website.

I was curious so I downloaded the HTML code from blogspot.com. It contained only the following:

<meta content='0;URL=http://www.site.com' http-equiv='refresh'/>

I was certain that this was illegal code on the blogspot.com system, so I decided to test it for myself. I created a blog on blogspot.com, available here.

Here is how I created the post:

Blogspot spam - screenshot 1

As can be seen in the screenshot above, the system detected that the tags I had attempted to use were illegal and it produced a warning message and even blocked the post. However, when the tick box entitled "Stop showing title or body HTML errors for this post" was checked, there were no such errors or warnings and the system created my post with the code exactly as I'd written it (see below).

Blogspot spam - screenshot 2

The post was published successfully and it even works - the page is redirected to www.avira.com after (approx.) 10 seconds.

Blogspot spam - screenshot 3

Blogspot.com has been informed about this and the spam blog has been submitted to them for investigation.

Sorin Mustaca, Avira
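
A mail or web filter can flag pages like the one described above by parsing the fetched HTML for a meta refresh that sends the visitor to a different host after a short delay. The following is an added example, not code from the original article; the function names, the `max_delay` threshold and the sample blog address are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# content="<seconds>[;,] [url=]<target>"; the target may be quoted.
_REFRESH = re.compile(r"\s*(\d+)[\d.]*\s*(?:[;,]\s*)?(?:url\s*=\s*)?['\"]?\s*([^'\"]*)", re.I)

class _MetaRefreshFinder(HTMLParser):
    # Collects (delay, raw_target) for each <meta http-equiv=refresh> carrying a URL.
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names; "<meta .../>" also lands here.
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _REFRESH.match(a.get("content", ""))
        if m and m.group(2).strip():  # a bare "300" only reloads the same page
            self.found.append((int(m.group(1)), m.group(2).strip()))

def find_offsite_refresh(page_url, html, max_delay=30):
    """Return [(delay_seconds, absolute_target)] for refreshes that leave page_url's host."""
    finder = _MetaRefreshFinder()
    finder.feed(html)
    page_host = (urlsplit(page_url).hostname or "").lower()
    hits = []
    for delay, target in finder.found:
        absolute = urljoin(page_url, target)  # resolve relative targets first
        host = (urlsplit(absolute).hostname or "").lower()
        if host and host != page_host and delay <= max_delay:
            hits.append((delay, absolute))
    return hits

# Constructed samples. PAGE is a placeholder blog address, not the one from the article.
PAGE = "http://example-blog.blogspot.com/2008/02/post.html"
SPAM = "<meta content='0;URL=http://www.site.com' http-equiv='refresh'/>"
TEST_POST = "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"10; url='http://www.avira.com'\">"
BENIGN = ('<meta http-equiv="refresh" content="300">'
          '<meta http-equiv="refresh" content="0; url=/2008/02/other.html">')

if __name__ == "__main__":
    for name, doc in (("spam", SPAM), ("test post", TEST_POST), ("benign", BENIGN)):
        print(name, find_offsite_refresh(PAGE, doc))
```

Same-host refreshes and plain timed reloads are ignored, so ordinary blog pages that refresh themselves do not trigger the check.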
