Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Phishing

Spammers use Google Translate to Bypass Filters

Clever spammers have come up with a way to bypass email filters in order to send Pharma-themed junk messages. The process is done in stages, using a legitimate URL shortener, Google’s translation services, and compromised domains.

Clever spammers have come up with a way to bypass email filters in order to send Pharma-themed junk messages. The process is done in stages, using a legitimate URL shortener, Google’s translation services, and compromised domains.

Researchers at Barracuda Labs have detected a large amount of spam hitting inboxes, and after some research discovered why; someone discovered that Google is often whitelisted. That’s not the news though, because some of the more clever anti-spam products scan the message itself and rank the reputation of links inside – so Pharmaceutical spam, and other junk messages often fail to arrive.

However, Barracuda says that enterprising spammers are using Google Translate, in conjunction with Yahoo’s URL shortening service and hijacked WordPress installations, to bypass even some of the strictest filters.

“One of the primary reasons that small weakly defended websites are hacked is to install simple redirect code – the spammer takes advantage of the good reputation of the website to evade spam filters, and the hacked website redirects anyone who clicks on the message links to the website that the spammer is promoting,” Barracuda explains.

In the example used for their blog post on the topic, the spammer used Google Translate to point to a URL that was shortened with Yahoo’s y.ahoo.it service. The shortened, and translated link, points to a compromised WordPress blog, which redirects the visitor to a rogue pharmacy website.

“We’ve tested many of these links in the lab, and it appears that Google may be implementing code that defeats framebusting, but our tests are inconclusive. Some links now redirect to google.com, while others still redirect to pharmacy sites. We certainly hope this technique is not discovered by malware distributors,” Barracuda’s blog adds.

It is likely that malware distributors are fully aware of such tricks. But all the same, it’s best to simply avoid links that are delivered via random emails.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Phishing

The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Phishing

The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Cybercrime

Reddit says its systems were hacked following a sophisticated phishing attack aimed at employees.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...