Clever spammers have come up with a way to bypass email filters in order to send Pharma-themed junk messages. The process is done in stages, using a legitimate URL shortener, Google’s translation services, and compromised domains.
Researchers at Barracuda Labs have detected a large amount of spam hitting inboxes, and after some research discovered why; someone discovered that Google is often whitelisted. That’s not the news though, because some of the more clever anti-spam products scan the message itself and rank the reputation of links inside – so Pharmaceutical spam, and other junk messages often fail to arrive.
However, Barracuda says that enterprising spammers are using Google Translate, in conjunction with Yahoo’s URL shortening service and hijacked WordPress installations, to bypass even some of the strictest filters.
“One of the primary reasons that small weakly defended websites are hacked is to install simple redirect code – the spammer takes advantage of the good reputation of the website to evade spam filters, and the hacked website redirects anyone who clicks on the message links to the website that the spammer is promoting,” Barracuda explains.
In the example used for their blog post on the topic, the spammer used Google Translate to point to a URL that was shortened with Yahoo’s y.ahoo.it service. The shortened, and translated link, points to a compromised WordPress blog, which redirects the visitor to a rogue pharmacy website.
“We’ve tested many of these links in the lab, and it appears that Google may be implementing code that defeats framebusting, but our tests are inconclusive. Some links now redirect to google.com, while others still redirect to pharmacy sites. We certainly hope this technique is not discovered by malware distributors,” Barracuda’s blog adds.
It is likely that malware distributors are fully aware of such tricks. But all the same, it’s best to simply avoid links that are delivered via random emails.
