Broken link

February 2007

Over the last few years we have seen many examples of spam messages that do not contain a link to the advertised website; instead they contain an image requiring that the recipient type the URL into his browser. As a result, it is well known that a single GIF image of small dimensions and file size is a very good indicator of spam.

Old method: image, no link

This year, spammers are proving to be very innovative. With the goal of pursuading the user to type the URL into a browser instead of clicking on a picture or on a simple URL, the spammers have broken the link by adding an invalid character into it. Beneath the link is an explanation of what the recipient needs to do in order to make the link functional:

New method: broken link

We have seen examples of broken links in the wild with characters '*', '-' and a space insterted in different parts of the mail.

It is interesting to note that Firefox doesn't complain when an invalid character is included in the URL, merely producing a 'server not found' error:

Firefox: server not found

IE7, on the other hand, clearly explains that the address is not valid:

IE7: invalid address

Sorin Mustaca, Avira


Poll

Should anti-virus software be free for personal use?
Yes
No
I don't know

Leave a comment
View 43 comments

Jobs Recruit Sidebar

VB100 certification

VB100 VB's testing team put 24 anti-malware products to the test on the server version of Microsoft's latest iteration of the Windows platform: Windows Server 2008. John Hawes has all the details on which products managed to secure a VB100 award and which need have a little more work to do.
See full results.

Virus Bulletin currently has 144,127 registered users.