CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 26th, 2008

Google Docs Abused In Latest Spam Technique

Spammers have adopted Google Docs in order to gain the credibility of Google’s domain, since spam filters would not declare a Google link as spam. According to MessageLabs, this latest spammers technique is used to get around blocking and blacklisting of spam hosting domains.

Since hosted Google Docs have the domain docs.google.com, it could be possible to ban that address, but there many users of this documentation platform and there will be a high amount of blocked proper non-spam emails. A very popular way to block spam is with URL block lists, but with the name “Google” in it, it’s never going to be blocked because of all the legitimate uses.

Sending attachments like JPGs or Word .doc files has proven less than successful when compared to just sending the user a link and thats why the new misuse of Google Docs might become more popular. Spam with just a URL also isn’t foolproof. Spam filters have relied on checking the links in e-mails and blocking them based on suspicious Web addresses.

The way around this is checking the IP of the sender which might be hard for companies. Unless they can do it based on source IP, the only way to catch it is through sender IP reputation level.

There is also a good side in this technique, and it is the fact that Google Docs pages are much less dynamic than HTML. The best spammers can do is put links in the page to get victims to click through to another site. HTML code can not be embedded, no malicious IFRAME can be added, no malicious JavaScript code could run. Another problem would be creation of a lot of Google accounts. It wouldn’t be easy to do because Google has methods in place to stop automation of account creation (CAPTCHA).

MessageLabs has found am example, a typical sexual enhancement advertisement, that asked the recipient to click on the link to a Google Doc page. From the page, more links to purchase Viagra. The page was reported as spam to Google on May 8 but the page is still live.

So far, MessageLabs hasn’t seen large numbers for this method yet, but Google’s Blogspot blogging service is frequently used by spammers, so the spammers may just be getting started. Spammers still use Blogspot as an intermediate drop page, so they may refine this method a little more and stick with it, unless it fails their spamming hopes and they drop it.

There is no Google response available on this subject at this moment.

Share this item with others:

More on CyberInsecure:
  • Google Docs Users May Have Had Their Documents Shared With Strangers
  • Google Code Project Abused By Spam And Malware
  • Microsoft’s CAPTCHA Under Spammers Attack Again
  • Late Valentine E-cards By Storm Trojan
  • Spam Volumes Increase Again, Soon To Be Powered By At Least 10 Millions Of Infected Conficker Bots

    • Posted in Google, Spam | Print This Post Print This Post

    This entry was posted on Monday, May 26th, 2008 at 6:00 am and is filed under Google, Spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Google Docs Abused In Latest Spam Technique

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »