Feeds

Scammers skirt spam shields with help from Adobe Flash

The Viagra two step

Protecting against web application threats using SSL

Online scammers have found a new way to skirt anti-spam filters, this time by making use of Adobe Flash files hosted on free websites.

Spam messages with innocuous-looking content contain links to Flash-based files on ImageShack.com and elsewhere, according to a report from anti-spam service MessageLabs. Then commands embedded in the files redirect the recipient to sites that punt Viagra, work-at-home offers and free software updates.

The technique allows spammers to bypass content filters employed by many anti-spam products, which immediately nix messages that contain links to dodgy sites. Because popular sites such as ImageShack are whitelisted, use of the Flash file allows spammers to bypass the filter but still lure marks to sites that try to bilk them or trick them into installing malware.

"It seems a lot of the free image websites out there will quite happily accept a Flash file and attempt to display it," says Matt Sergeant, senior anti-spam technologist for MessageLabs. "The spammers basically get a free ride to bypass URL blocking."

As the series of images below show, the technique is being used to lure users to medsplacesuch.com, a site that claims to be an online pharmacy. It's also being used to trick users into installing software known as Antivirus XP 2008 (which we assume is a variation of a diabolical piece of malware also known as XP Antivirus 2008), and to a work-at-home site claimed to be operated by a company called Retoneva.

Spam with link to Flash file on ImageShack

Step 1: Spam with link to Flash file on ImageShack

Flash file contains code redirecting mark to dodgy site

Step 2: Flash file contains code redirecting mark to dodgy site

Mark is delivered to online pharmacy page

Step 3: Mark is delivered to online pharmacy page

Sergent said ImageShack has so far done a commendable job of removing malicious files once they are brought to the attention of employees in its abuse department. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.