Broken link

February 2007

Over the last few years we have seen many examples of spam messages that do not contain a link to the advertised website; instead they contain an image requiring that the recipient type the URL into his browser. As a result, it is well known that a single GIF image of small dimensions and file size is a very good indicator of spam.

Old method: image, no link

This year, spammers are proving to be very innovative. With the goal of pursuading the user to type the URL into a browser instead of clicking on a picture or on a simple URL, the spammers have broken the link by adding an invalid character into it. Beneath the link is an explanation of what the recipient needs to do in order to make the link functional:

New method: broken link

We have seen examples of broken links in the wild with characters '*', '-' and a space insterted in different parts of the mail.

It is interesting to note that Firefox doesn't complain when an invalid character is included in the URL, merely producing a 'server not found' error:

Firefox: server not found

IE7, on the other hand, clearly explains that the address is not valid:

IE7: invalid address

Sorin Mustaca, Avira

Phishing


	Phishing and spam techniques Nigerian Blogspot spam Meta phishing Stock spam PDF Advanced fee fraud or phishing? The return of the animated spam Do 'pump and dump' spam campaigns really work? 'Mini' phishing Pay per click Broken link Bye bye OCR? See also Phishing and spam techniques Resources

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

Jobs


	In Virus Bulletin's jobs pages among others: Software Designers (Gothenburg, Sweden) Senior Research Scientist (Singapore, Singapore)

Virus Bulletin currently has 224,239 registered users.

Fighting malware and spam

Broken link

Broken link

See also