Shady spammers getting more creative with links

Spammers Use Free Web Services to Shield Links

by Michael Smith

It is becoming more than obvious that the shady emailers have no intention of cutting back their malicious messages, so it is time to once again give a warning.

Take that “Chief Yussuf Osman of Nigeria” who is expecting an immediate answer from you to get those millions he wants to share with you. By the way, no offense to any actual Yussuf Osman, chief or no chief, out there. So many people tend to fall for it and click without knowing what they are clicking on, especially when using Microsoft's Internet Explorer of whatever number, and when they do so they tend to end up with a lovely little Trojan in their system, which then turns their system into a bot in a botnet, sending out more and more spam.

Also the likes of Yahoo! Lotteries, which do not exist, asking for your personal dossier, as well as wire transfer requests to receive unclaimed fortunes, are dangerous. It could be even more important, though, that people recognize the dangers of deceptive links in messages.

I am sure that many of the readers have often been warned about clicking links within unexpected emails. A common approach is to link you over to a spoofed login page to collect your password. In the beginning scammers didn’t worry much about what the link looked like, but once people began looking more closely at the domain in the hyperlink, the scammers started creating links that looked like they pointed to one place, but when you put your mouse over them you would see that the link actually directed you elsewhere. I personally, as and when possible, do a check on any email that I am not sure about by using the full headers.

In Outlook, Outlook Express, or a similar client program, the full headers can be called up by right-clicking the message and then using the “properties” tabs. Here you can more often than not spot the danger by looking at the return path. If the return path for a supposedly official email from a company is to one joe.blogs@whatever.com then it should already be obvious that this is a spoof.

But those guys get “better” every day. Malicious spammers are finding new ways to make their links look more legitimate. The latest trend is – drumroll – free web services. Yes. Those free storage facilities, the photo sharing and storage services, and others.

One of the services, a photo-hosting site called ImageShack, lets people upload different types of photo formats, including Flash files.

Flash files, which have the extension “.swf”, can be used for animated graphics and can also be used to automatically redirect people to other Web sites. That feature can be abused.

The attack involving ImageShack works like this: Spammers upload a Flash file, then copy the link for that file, which sits on ImageShack's domain, into a spam message. If the link is followed, the Flash file redirects the victim to a spam site.

The technique offers an advantage for spammers. Antispam software will often scan links in e-mail and block those e-mails with suspicious-looking ones. But ImageShack's domain is considered to have a good reputation, so messages won't be blocked.

Another more dangerous variation on this theme is a spam e-mail promoting a video.

If the link is clicked, a Flash file redirects the victim to a site where a pop-up window immediately implores the user to download a codec supposedly needed to play the video file. Invariably, the file isn't a codec but some piece of malicious software.

Even if the spam link in the e-mail appears to be OK, there are many other ways to tell if a message is spam.

A similar type of abuse has been made of Microsoft's Windows Live SkyDrive, which is an online file storage service.

The scenario is almost the same: The link is connected with a file on SkyDrive, but then the link performs an HTML redirect to a dodgy site. SkyDrive also allows Flash files to be uploaded, offering another possible way to attack.

Also remember that whenever an email directs you to a site (typically where you have an account and would need to log in), you should instead visit the site via typical methods (bookmark, typing URL by hand, even a web search). If there is something significant going on with your account, whether at your email service, such as Yahoo Mail, or your bank, they will usually tell you when you log in. If you feel that you absolutely HAVE to click on the link in an email you should examine it closely before clicking on it!

So, remember, it is a dangerous world out there, also in cyberspace, and we need to have our wits about us. Do not open an email that you are not sure about, especially not if it has an attachment, and do not click on links in email that you are not sure of. Also remember that the sender's address can be spoofed and they can even use the name of friends of yours. So, if in doubt, before ever opening the email, send the sender, if known to you, e.g. a friend, colleague, member of the family, etc., an email asking for verification. It works and keeps you and your computer safe.

© M Smith (Veshengro), September 2008