So-called "redirector" or "search engine" spam emerged in late 2007 and has now grown into a significant threat to businesses. In this new MessageLabs whitepaper, learn about the latest spammer ploy to get dangerous links past traditional defenses, and how MessageLabs delivers a proven, cost-effective solution.
WHITEPAPER
Search Engine Link Spam: Risks, Threats, SolutionNick Johnston, Software Engineer, MessageLabs
Old Enemy, New Weapon URLs - A Key BattlegroundViruses, trojans, spyware and phishing may sound more sinister, Almost without exception, a spam email will target the recipient but spam remains the biggest email-borne threat to businesses. with some sort of call to action. In most cases, this will consist Incredibly, unsolicited emails now account for almost three- of a URL (Universal Resource Locator - an Internet address) quarters of all electronic traf? c heading for corporate gateways accompanied by text saying "visit our online store!" or something around the world. similar. In other cases, the call to action might revolve around a phone number or a stock ticker symbol (a series of characters Spam's relatively innocuous name should never blind businesses representing a particular listed or publicly traded stock).to the serious harm it can cause. Quite simply, unless adequate defenses are in place, electronic junk mail will inevitably lead to But including a URL is by far the most popular technique overburdened inboxes, creaking networks and wasted bandwidth. preferred by spammers. It's easy to see why. URLs are quick An organization's ef? ciency, productivity and pro? tability will all be and simple to insert into emails. If clicked on, they will take the prominent, immediate casualties wherever anti-spam protection recipient of the email directly to the spammer's website. Unlike is not up to the job. the spam email itself - which has to be designed in a way which maximizes its chances of evading anti-spam ? lters - spammers Of course, spam has a very long pedigree and, over the years, are not restricted in what they can include on their websites.email security vendors have responded by strengthening the detection and ? ltering techniques they offer their clients. But this Little wonder, then, that analysis of URLs contained in emails is a war which escalates remorselessly. Spammers continually now plays a key role in efforts to identify spam and stop it from devise new, cunning and increasingly sophisticated ways of reaching its destination. For example, many security vendors now evading spam defenses and achieving their objectives. use "honeypot"' systems designed with the speci? c intention of attracting spam. The messages captured by these honeypots can In autumn 2007, MessageLabs detected the emergence of a be analyzed and all "bad" or suspicious URLs extracted. (Often, new "smart" weapon in the spammers' arsenal - so-called this is achieved by identifying instances where the same URL "redirector" or "search engine" spam. By early 2008, this had appears in thousands or even hundreds of thousands of emails grown into a signi? cant threat - one that businesses need to be - a telltale sign that those emails constitute a spam run). Any aware of and take effective measures to combat. email subsequently identi? ed as containing such a URL can then be blocked and prevented from reaching its target. This anti-This MessageLabs whitepaper puts redirector/search engine spam technique is now well-tested and has proved both ef? cient spam under the spotlight. It explains why the phenomenon and reliable.evolved and how it works. But it also pinpoints a proven, cost-effective solution to this latest manifestation of spammers' To counter URL blocking, spammers have tried a number of never-ending ingenuity. The information presented here is based different tactics:on MessageLabs hands-on experience of providing proven messaging and web security management services for over . One approach is to add random hostnames and gibberish to a 17,000 clients worldwide, with around 2.5 billion attempted URL. Take the URL http://lhlgca.globren.info/?83217971&men, Simple Mail Transfer Protocol (SMTP) connections processed for example. "lhlgca" and "/?83217971&men" are not part of every day on their behalf. the core URL. But by changing them slightly in every message sent out, the spammer aims to make the messages more dif? cult to block. However, security vendors can counter this tactic by focusing on the actual domain part of the URL ("globren.info" in this instance).
WHITEPAPER: Search Engine Link Spam: Risks, Threats, Solution Redirector spam . Spammers are also adept at abusing legitimate, However, a user clicking on one of these results is free website-hosting serv... [download for more]
