Spammers Abusing Hosting Sites to Spread Redirects

Researchers at Symantec a prominent security company caution users of spammers, who by exploiting non-charging hosting services more-and-more, are planting redirectors to conceal their spam websites.

These spammers, by employing this multi-layered technique gain greater flexibility as well as make it more difficult for security companies to spot, stop and shutdown their spam sites.

Moreover, spammers are not embedding a web-link connecting with a non-chargeable hosting site along with harboring spam material on it. Instead they're utilizing URL-shortening services more-and-more with which they craft a nearly infinite number of web-links so that every junk e-mail dispatched carries a fresh web-link. Interestingly, these web-links rather than lead onto a spam-based website, lead onto non-chargeable hosting website, wherein additional randomized "junk" elements are frequently appended at the URL's end.

Nevertheless, instead of utilizing one simple JavaScript redirect, spammers perform significantly towards hiding their URL redirect with the help of camouflaging methods. Incidentally, JavaScript camouflaging works when a web-address is split into parts, those parts are joined followed with substituting different characters for attaining the right URL like replacing each "z" letter with the "k" letter.

Recent spam runs have been observed to employ this method as they advertised counterfeit items like replica watches, while being sent from the Cutwail botnet also called Pushdo. Cutwail's spam output has changed from 5% to 10% of the global spam during 2010, while in 2009; the rate was much higher when Cutwail remained one of the largest spam distributors in the world. However, later during the same year (2009) it was shutdown in a major initiative.

Yet Cutwail demonstrated remarkable resilience. But again during August 2010, it was severely dismantled; however, it managed to revive once more.

Notably, those responsible for Cutwail are known to execute fresh techniques for bypassing anti-spam software. During November-end 2010, the botnet, which distributed fake pharmaceutical related junk e-mails, employed CSS floating methods along with color declarations for generating relevant text that merely humans could see.

Remark security investigators, diverting Web-surfers via this method proves that spammers can do anything for concealing their original spam websites' addresses, thus making those websites harder to detect.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 12/21/2010