Feeds

Spammers dive into Google's lucky dip

Feeling phished?

High performance access to file storage

Google's "I'm feeling lucky" button was designed to save web searchers time by automatically opening the first page of a query. It turns out the feature, and similar ones from other search engines, are increasingly helping junk mailers get around anti-spam products.

That's one of the findings from a January Intelligence report from MessageLabs. The IT security firm found that so-called search engine spam, which only came to light in the past few weeks, accounted for 17 per cent of all the spam the company saw in January. The emails include links that work like this one. When a recipient clicks on them, they frequently lead to destinations hosting malware or phishing sites. But because the links make no mention of the naughty URL itself, many anti-spam filters don't catch them. Anti-phishing protections built in to browsers and browser plug-ins also fail to catch them, in many cases.

To change things up, spammers frequently use different regionalized search engine sites, such as google.com.hk and google.co.uk.

The new technique is "probably more a manifestation of the ebb and flow of the good-guy versus bad-guy arms race," says MessageLabs Chief Security Analyst Mark Sunner. "There really hasn't been a necessity until this point for the bad guys to raise their game with this technique."

Also in January, MessageLabs saw a spike in spam pitching get-rich-quick and other financially-related services. Coming amid a wave of news articles reporting problems with the US and global economies, the spam is playing off of people's anxiety about their finances, Sunner said.

MessageLabs saw declines in other types of junk mail. Spam touting stocks fell to just two per cent in January, an all-time low since MessageLabs began keeping count. Company researchers said the decline could be related to the arrest of notorious spammer Alan Ralsky, who according to federal prosecutors, was engaged in a sophisticated pump-and-dump operation with 10 other individuals until it was shut down almost four weeks ago.

While MessageLabs made no mention of an initiative implemented in March by the Securities and Exchange Commission, this is likely also to be responsible for the drop. Under the program, penny stocks that are the subject of pump-and-dump email campaigns are temporarily suspended immediately following the issuance of the spam - preventing the architects from being able to profit from the scheme. Remove the profit and chances are you'll remove the crime, too. Indeed, both Symantec and the SEC have reported declines in stock-related spam following the new rules.

MessageLabs also said the amount of image spam fell in January to just two percent of all junk mail. That compares with a high of 20 per cent last summer.

The company provides email and web filtering services for more than 16,000 business customers. It processes more than 2.5 billion email connections and one billion web requests each day. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.