Symantec Reports Abuse of URL Condensers within Newly-Detected Spam Run

Investigators at Symantec are reportedly cautioning of online-crooks who're increasingly utilizing URL-condensing utilities for their e-mail scams, while attempting at tricking gullible end-users.

Notably, URL condensers largely help in camouflaging web-links, particularly when cyber-criminals utilize several of them for devising multiple hops prior to getting victims to land on certain malware-laced website.

States Symantec that one fresh spam run was recently identified wherein e-mails posed as communication from a service that transferred funds between banks. The unsolicited e-mail asserts that officials have annulled one such transfer, while directs recipients for viewing an associated .pdf document hosted on an outside Web-address. But, on clicking the given web-link, no document emerges rather users, through condensed URLs, get diverted till they reach a site with a drive-by download.

Elaborating on the above e-mail scam, Symantec stated that criminals had obfuscated nearly the whole content of the spam while placing it within a lone massive HTML "DIV" (divides a web-page into different parts) component, concealed with a sequence of Cascading Style Sheets. And whilst any Web-browser displayed the web-page, the content was de-obfuscated with a JavaScript that executed additional JavaScript for leveraging attack codes. The page tried many attack codes, including those aiming at Java and PDF, while also utilized one Windows-Help-Center attack code for pulling down additional malware, the security company noted. Symantec.com published this during the 1st-week of July 2011.

Additionally, Symantec states that there's the use of few hundred distinct condensed URLs for establishing a connection with the said malware. Also, the company anticipates greater utilization of this method by malware-writers later on.

Meanwhile, with such spam runs being so malicious Symantec recommended end-users that they should maintain every software item of theirs up-to-date so that they didn't get victimized with drive-by downloads. Moreover, according to the company, there were e-mail client and browser extensions which of their own expanded condensed URLs; hence those resulting in other URL-condensing utilities mustn't be relied upon.

Eventually, with the identification of the above mentioned e-mail spam it's yet again evident that distributors of spam mails have started developing own URL-condensing utilities, something that Symantec, within its May 2011 report, indicated.

Related article: Sentence for American Contractor for Sabotaging Government Navy Computers

» SPAMfighter News - 7/14/2011