Broken link

February 2007

Over the last few years we have seen many examples of spam messages that do not contain a link to the advertised website; instead they contain an image requiring that the recipient type the URL into his browser. As a result, it is well known that a single GIF image of small dimensions and file size is a very good indicator of spam.

Old method: image, no link

This year, spammers are proving to be very innovative. With the goal of pursuading the user to type the URL into a browser instead of clicking on a picture or on a simple URL, the spammers have broken the link by adding an invalid character into it. Beneath the link is an explanation of what the recipient needs to do in order to make the link functional:

New method: broken link

We have seen examples of broken links in the wild with characters '*', '-' and a space insterted in different parts of the mail.

It is interesting to note that Firefox doesn't complain when an invalid character is included in the URL, merely producing a 'server not found' error:

Firefox: server not found

IE7, on the other hand, clearly explains that the address is not valid:

IE7: invalid address

Sorin Mustaca, Avira

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

Jobs
In Virus Bulletin's jobs pages among others:

Virus Bulletin currently has 224,239 registered users.