Using shortened website links, compromised blogs and Googleâ€™s own translate service, scammers managed to avoid filters in an effective new spam tactic.
Pharmaceutical spam made its way to inboxes via compromised WordPress blogs that were used in conjunction with Yahooâ€™s URL shortening service to translate spammy websites. Â Once clicked, users are redirected to websites promoting pharmaceutical content.
â€œOne of the primary reasons that small weakly defended websites are hacked is to install simple redirect code – the spammer takes advantage of the good reputation of the website to evade spam filters, and the hacked website redirects anyone who clicks on the message links to the website that the spammer is promoting,â€ according to researchers at Barracuda Labs. â€œIn the case above, the spammer tried to evade detection by using a one-two punch of a poorly maintained url shortener and a URL redirector that nobody thinks of as a URL redirector – Google translate.â€
Arguing that the method could easily be used by malware distributors to spread havoc, researchers advise users to not click on links in emails from untrusted sources. Although most spam messages can easily be exposed, some might seem highly legit.
â€œWe’ve tested many of these links in the lab, and it appears that Google may be implementing code that defeats framebusting, but our tests are inconclusive,â€ reads Barracudaâ€™s blog. â€œSome links now redirect to google.com, while others still redirect to pharmacy sites. We certainly hope this technique is not discovered by malware distributors.â€
Concluding that spammers are figuring out new and inventive ways to hide spammy links, researchers point to the new spam campaign as a possible trend. Either way, clicking on embedded links from dubious emails is highly risky.