Sunday, November 4, 2007

Spammers Redirecting Links in Spam Messages to Avoid Detection, Inc. reported that spammers have escalated their use of redirection techniques to try to get around many anti-spam filters. The latest flurry started about 10:00 AM PDT and by 11:00 AM represented an estimated 4.3% of the spam on the Internet. The technique, most commonly found with pharmaceutical spam in this latest flurry, sends a user to a webpage and the user is then automatically redirected to another webpage. This technique is specifically designed to get around databases of destination URLs that many anti-spam technologies rely upon. Mail-Filters anti-spam/anti-phishing technology is successfully detecting these spam messages.

"Spammers are constantly looking for solutions to avoid detection by anti-spam technologies so that they can reach more eyeballs. We have seen a substantial increase in spam messages being sent where the hyperlinks contained in the messages are actually links to legitimate sites that are then redirected to the spammer sites," explained Ben Westbrook, CTO of Mail-Filters.

Mr. Westbrook continued by explaining, "Because the hyperlink appears to be to a legitimate site, most anti-spam technologies will determine it is a legitimate message or create false-positives by misidentifying legitimate email messages that contain links to these same sites. Mail-Filters technology is correctly blocking the spam messages without causing false-positives. This latest technique is coming in a flurry of messages that sometimes has breaks in the sending -- implying the spammer is evaluating techniques to see what message receives the highest response rate."

Another byproduct of this new spammer technique is that legitimate websites are seeing increased traffic to their websites during the redirect process. This increased traffic could create significant load problems for the sites, potentially even temporarily crashing a site from the increased traffic. In addition, unassuming websites that are being targeted by the spammers find themselves in the embarrassing situation of being associated with spammers.


No comments: