English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

SPAMfighter is

Microsoft Gold Certified Partner

SPAMfighter also

Works with Windows Vista

SPAMfighter Exchange Module is Microsoft certified ".net connected".

Microsoft .NET Connected

Spammers Evading Filters Using Maliciously Designed SWF Files

In efforts to bypass detection, spammers are increasingly using SWF (Shockwave Flash) file redirects, Security Experts at Sunbelt Software, the vendor for security software, have said in the last week of August 2008.

The company said that similar to other spamming tricks, the objective of the SWF redirect related to encouraging users to install malware and this works, as filters were not accustom to it. Also, there aren't many tools for analysis as one can find for HTML or JavaScript. Meanwhile, the links included in the spam mails can be displayed as plain text or in html format, while in both the instances, the browsers would easily be able to open the URLs and run the SWF files.

Moreover, the SWF files' action script code contains a redirect designed to lead users onto Websites that serve malware directly or indirectly. Furthermore, in many cases, the malicious program loaded from the Website is a fake anti-virus or anti-spyware software that infects the end-user and informs him/her about the infection. Then, it demands a price to get a particular cleaning software for his/her infected computer.

According to Alex Eckelberry, President, Sunbelt Software, the SWF files contains a hardly visible box crafted to initiate loading of a Trojan. Previously, the attackers used links that directly led to the Trojan. But since those URLs have been recently blacklisted, the spammers had to find a method to get past the filters. Therefore, they are using the SWF files, as reported by SCMagazineUS on August 28, 2008.

Meantime, these spam mails are attempting to trick users into clicking on a link through various ways like claiming to offer Vista security updates, interesting videos or security software free of cost. A server that is frequently used to host the SWF files is ImageShack, an extremely popular online service that hosts media content for no charge.

However, this is not the first time when SWF redirects are being used. Since long, it has been used in malvertizements, advertisements delivering malicious content. Furthermore, the first blast of spam mails using SWF redirects started in July end 2008.

» SPAMfighter News - 09-09-2008

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird - Read more

Slow PC? Try SLOW-PCfighter

Optimize your Slow PC for better performance. Try FREE scan now.

 

Exchange spam filter

SPAMfighter Exchange Module is a spam/virus filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial

<<<>>>