Cracked CAPTCHAs used to create malicious blogs

Posted by Virus Bulletin on Apr 25, 2008

Blogs on Google's blogging system redirect to spam sites.

Spammers are using botnets to mass-create phony blogs on Google's free Blogger system, with the phony entries redirecting to spam sites.

According to research by security company Websense, a large botnet is being used to defeat the CAPTCHAs that Google uses in an attempt to prevent automatic registration of blogs. As seen in similar cases, the success rate of cracking the CAPTCHA is relatively low (in this case it is believed to be between 8 and 13 per cent), but still high enough for a large botnet to create a significant number of blogs.

Since many spam filters block emails that contain links to sites that are known to spam and/or serve malware, spammers have started to use tricks to hide the URL. One such trick is the use of Google's "I'm Feeling Lucky" button together with a cleverly constructed search; more recently, an open redirect in Google's AdSense has been used to trick spam filters into believing a URL is harmless.

By making use of the facility in Blogger to have a blog redirect to an entirely different website, spammers have managed to obtain a large number of URLs on the blogspot.com domain that redirect to their sites. Such URLs occur in many genuine emails and there is no way for a spam filter to decide whether such a URL links to a real blog, other than by following the link and studying the actual website.
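What "following the link" can look like on the filter side, as an added example that is not code from Websense or Virus Bulletin: it resolves a URL to its final host so that reputation is judged on where the reader lands rather than on the blogspot.com hostname. The article does not say how the Blogger redirect is implemented, so HTTP 3xx and meta-refresh are assumed here (script-driven redirects are not handled), and every URL and response is constructed sample data.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed responses standing in for live fetches: url -> (status, headers, body)
SAMPLE_WEB = {
    "http://sample-real.blogspot.com/": (200, {}, "<html><body><h1>My garden</h1></body></html>"),
    "http://sample-spam.blogspot.com/": (200, {}, '<head><meta http-equiv="refresh" content="0; url=http://pills.example/buy"></head>'),
    "http://sample-moved.blogspot.com/": (302, {"Location": "http://hop.example/r"}, ""),
    "http://hop.example/r": (200, {}, "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1;URL='http://pills.example/buy'\">"),
    "http://pills.example/buy": (200, {}, "<html><body>order now</body></html>"),
}

def sample_fetch(url):
    """Offline stand-in for an HTTP client that does not auto-follow redirects."""
    return SAMPLE_WEB.get(url, (404, {}, ""))

class MetaRefresh(HTMLParser):
    """Records the target of the first <meta http-equiv="refresh"> tag."""
    target = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and self.target is None and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s>]+)", a.get("content") or "", re.I)
            self.target = m.group(1) if m else None

def next_hop(url, fetch):
    """Return the URL this page sends the visitor to, or None if it stays put."""
    status, headers, body = fetch(url)
    if status in (301, 302, 303, 307, 308) and "Location" in headers:
        return urljoin(url, headers["Location"])
    parser = MetaRefresh()
    parser.feed(body)
    return urljoin(url, parser.target) if parser.target else None

def redirect_chain(url, fetch, max_hops=5):
    """Follow redirects up to max_hops, stopping on loops; returns every URL visited."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = next_hop(chain[-1], fetch)
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    return chain

def leaves_site(url, fetch):
    """True when the link in the email ends up on a different host than it names."""
    chain = redirect_chain(url, fetch)
    return urlsplit(chain[0]).hostname != urlsplit(chain[-1]).hostname
```

A filter would then apply its URL blocklist to the last entry of the chain instead of the first.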

Details of the Websense researchers' findings are here.
