Feeds

Scammers skirt spam shields with help from Adobe Flash

The Viagra two step

Beginner's guide to SSL certificates

Online scammers have found a new way to skirt anti-spam filters, this time by making use of Adobe Flash files hosted on free websites.

Spam messages with innocuous-looking content contain links to Flash-based files on ImageShack.com and elsewhere, according to a report from anti-spam service MessageLabs. Then commands embedded in the files redirect the recipient to sites that punt Viagra, work-at-home offers and free software updates.

The technique allows spammers to bypass content filters employed by many anti-spam products, which immediately nix messages that contain links to dodgy sites. Because popular sites such as ImageShack are whitelisted, use of the Flash file allows spammers to bypass the filter but still lure marks to sites that try to bilk them or trick them into installing malware.

"It seems a lot of the free image websites out there will quite happily accept a Flash file and attempt to display it," says Matt Sergeant, senior anti-spam technologist for MessageLabs. "The spammers basically get a free ride to bypass URL blocking."

As the series of images below show, the technique is being used to lure users to medsplacesuch.com, a site that claims to be an online pharmacy. It's also being used to trick users into installing software known as Antivirus XP 2008 (which we assume is a variation of a diabolical piece of malware also known as XP Antivirus 2008), and to a work-at-home site claimed to be operated by a company called Retoneva.

Spam with link to Flash file on ImageShack

Step 1: Spam with link to Flash file on ImageShack

Flash file contains code redirecting mark to dodgy site

Step 2: Flash file contains code redirecting mark to dodgy site

Mark is delivered to online pharmacy page

Step 3: Mark is delivered to online pharmacy page

Sergent said ImageShack has so far done a commendable job of removing malicious files once they are brought to the attention of employees in its abuse department. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.