[LINK] Spammers exploit Google Docs

Bernard Robertson-Dunn brd at iimetro.com.au
Wed Jun 4 19:41:45 AEST 2008

Spammers exploit Google Docs
By Robert Jaques
4 June 2008 01:57PM

Spam levels jumped in May to 76.8 percent of all emails sent globally, 
according to new monitoring data..

MessageLabs' latest Intelligence Report attributed this hike to a change 
of tactics in which spammers are moving away from a reliance on email 

Spammers are instead moving towards the exploitation of free mainstream 
hosted services such as Google Docs, Google Calendar and Microsoft SkyDrive.

"The savvy and accurate cyber-criminals of today seem to have abandoned 
the attachments tactic that was so innovative in late 2007 and are 
exploiting free hosted applications which have become mainstream in 
2008," said Mark Sunner, chief security analyst at MessageLabs.

"The spammers are taking advantage of the fact that these services are 
free, provide ample bandwidth and are rarely blacklisted.

"This is one more addition to the growing list of ways in which the 
spammers have succeeded in outsmarting traditional detection devices."

MessageLabs intercepted spam emails in May which contained links to spam 
contained in documents hosted on the Google Docs environment.

Traditional spam filters do not block links to the Google Docs domain, 
and spammers are using this to their advantage and even tracking their 
success through Google Analytics.

Spammers are also using Microsoft's SkyDrive shared file hosting 
service. Spam generated using this technique accounted for one per cent 
of all unsolicited mail in May.

In addition to the variety of new spam techniques, MessageLabs also 
identified several new phishing exploits this month, including one which 
preyed on a bank's environmentally conscious customers.

Using the Srizbi botnet to launch the attacks, the phishers took 
advantage of a 'Go Green' campaign run by Central Bank in Missouri to 
lure recipients into sharing their bank details in order to register for 
electronic statements.

Also in May, MessageLabs found evidence of phishing attacks claiming to 
be from HSBC bank which purported to be a secure connection via HTTPS.

Closer inspection revealed that the attack was actually a standard HTTP 
link to a domain pretending to be the actual bank.


Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au

More information about the Link mailing list