Spammers Misusing Google’s Web 2.0 Services
According to Websense, spammers are increasingly using Google's Web 2.0 services for launching various malicious attacks through social engineering tactics. By opening an e-mail account with Google's free mailing service, Gmail enables users to access different services offered by the company. This availability allows malware authors and spammers promote their services and products using Gmail, Google Docs, Google Pages, Google Sites, Blogger and YouTube services.
Security specialists said that Web 2.0 aims to improve, information sharing, user creativity, functionality and collaboration on the Web. However, malware authors and spammers abuse this power to launch a range of attacks that threaten the functionality of Web 2.0.
Researchers at Websense also reveal that spammers have an inclination to successfully reach their prospective customers through e-mail, Web 2.0 and other Web services. These spammers and malware creators employ a unified approach to execute their attack methods that they keep interchanging; thereby, enhancing their underground economy.
Recently, spammers joined different Google Web 2.0 services and used them to launch a variety of attacks. Now they are opening fake accounts on BlogSpot and YouTube to advertise their products and services by abusing the two services. The fake accounts on YouTube promote a number of videos on the same subject with inappropriate content, clearly violating the usability terms of YouTube services.
Furthermore, the profiles of these fake accounts on YouTube promote the fake BlogSpot accounts, and this act as entry pages to reach spam domains. The fake Blogger accounts in turn create a network of spam blogs called 'splogs'; thereby, creating a 'splogospere'. Its objective is to push the real spam domain by clearly abusing the usability terms of Blogger services.
Security specialists said that problems of security are inevitable when users are able to avail privileges like content creation, content distribution, file uploading, and direct HTML editing. These capabilities are misused by spammers and malware writers.
Meanwhile, although Web 2.0 service providers continuously make efforts to fight the misuse of their services, the malware authors, phishers and spammers keep waging attacks through them, demonstrating their malicious adaptability to e-mail and misusing Web 2.0 and other Web security services.
Related article: Spammers Continue their Campaigns Successfully
» SPAMfighter News - 14-10-2008