Merde! Dummkopf! Google Translate used as spam cloak

Cock-doc pillmongers use tech out of Inception movie

By John Leyden, 2nd April 2013

Spammers are using Google Translate to disguise links to dodgy websites.

All sorts of internet pond life, particularly purveyors of blue pills purporting to pump blokes' performance between the sheets, are relying on the reputation of Google's language translation service to smuggle web links through mail filters. Security researchers at Barracuda Networks, which collects and analyses samples of spam, clocked messages attempting to defeat reputation filters using this tactic.

When a user clicks on a link in the junk mail, the web browser and Google are instructed to follow a chain of pages until the dodgy website is reached.

The link in the spam email points to Google Translate, which can act as a URL redirector. Google Translate is told to fetch a second address embedded in the first link. This second address is a URL shortened by a service such as Yahoo!'s y.ahoo.it. This shortened address is expanded and followed by Google's systems to a hacked website, which contains a small bit of text that Google Translate ultimately tries to process.

But the compromised website also includes code that breaks the browser out of the Google Translate iframe and redirects the user, finally, to the rogue online pharmacy shop. It's a multi-stage obfuscation process designed to fox anti-spam software, which may simply inspect the message and approve it because all it can see is the Google link.

Barracuda researchers Dave Michmerhuizen and Shawn Anderson found that the search giant's translation service is blocking many of the dodgy links, but the tactic is nonetheless a concern because it may easily be used to lure users into visiting malware-tainted websites.

"We've tested many of these links in the lab, and it appears that Google may be implementing code that defeats frame-busting, but our tests are inconclusive. Some links now redirect to google.com, while others still redirect to pharmacy sites. We certainly hope this technique is not discovered by malware distributors," the Barracuda researchers explained in a blog post.

"In any case, it's worthwhile to know that spammers are taking these extreme steps to hide what they're doing, and no matter how good your spam filtering solution you have to be especially aware of emailed links. In short, don't click on them." ®

5 ways to prepare your advertising infrastructure for disaster

39 Reader Comments

5 ways to prepare your advertising infrastructure for disaster

Being prepared allows your brand to greatly improve your advertising infrastructure performance and reliability that, in the end, will boost confidence in your brand.

Reg Reader Research: SaaS based Email and Office Productivity Tools

Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.

Email delivery: Hate phishing emails? You'll love DMARC

DMARC has been created as a standard to help properly authenticate your sends and monitor and report phishers that are trying to send from your name..