mxlab - all about anti virus and anti spam » google

Google Talk users subject of phishing scheme

mxlab — Thu, 26 Feb 2009 19:56:14 +0000

After the GMail service interruption, Google now suffers another security risk. Google Talk users are subject of a phishing scheme to get them to give up their user information.

The scam includes to lure tha Google Talk users, Google’s instant messaging system, to the web site ViddyHo with messages containing “Hey check out this video” by clicking on a link via the TinyURL service. The link directs users to the web site of ViddyHo, where users are asked to enter their Gmail usernames and passwords to get access.

The web site ViddyHo is being blocked by TinyURL but it is always possible that other URLs will be used in future phishing emails.

As always, the general recommendation from MX Lab is not to trust any request to fill in your account credentials on a web site. Check the URL, check the HTTPS connection first and try to see if the site is genuine.

A solution for the spoofed URLs from Google and DoubleClick

mxlab — Tue, 03 Jun 2008 18:50:54 +0000

According to CNet, Google will tackle two serious issues. A cross-site scripting issue on the login page of the communication platform Grand Central but more important, well if you receive this type of spam, is the URL spoofing technique that spammers use.

On this blog I have posted, in May, an article about that also DoublClick URLs are being used in spam like Google. As a result, email users click on the URL that appears to direct you to Google.com but instead redirects you to a potential malicious site or an web site advertised by the spammer like an online pharmacy.

“Open URL redirection is an issue we take very seriously. As we become aware of open URL redirectors on google.com, we actively work to close them. We are also aware of redirectors using doubleclick.com and are working to address this issue,” the Google spokesman said.

This sound great. Now it is time for the spammer to develop a new technique. Fingers crossed.

Double Click ad links used in URLs

mxlab — Thu, 22 May 2008 22:52:20 +0000

“Let’s try something new” said one spammer to the other. “I have enough of these Google PageAd links in our spam. I’m going to integrate Double Click this time.”

And yes, we intercept more URLs these days like http://ad.doubleclick.net/click;h=*******http://***.com/redir.html to avoid potential filters and lure drugs bying surfers to the European Pharmany.

The other spammer used Double Click to distibute some malware:
http://ad.doubleclick.net/click;h=*******http://***.es/video.exe with the promise that you can see a Britney and Paris lesbian video. The malware is known as the Trojan.Downloader.Exchanger.bc.

Oh, well, no video tonight I guess.

Security flaw in Gmail can turn server in a spam machine

mxlab — Mon, 12 May 2008 09:05:50 +0000

INSERT, the Information Security Research Team, has created a proof of concept that exploits Google’s SMTP service bypassing Google’s 500-address bulk e-mail limit and identity fraud protections.

This vulnerability enables an attacker to bypass blacklist/whitelist based email filters and freely forge all fields in an email message by having Google’s SMTP servers tricked into functioning as open SMTP relays. We were able to confirm that this vulnerability is indeed exploitable by assembling a proof of concept (PoC) attack that allowed us to use one single Gmail account to send bulk messages to more than 4,000 email targets (which surpasses Gmail’s 500 messages limit for bulk messages)

Google spam backscatter

mxlab — Mon, 14 Apr 2008 22:22:37 +0000

If you have received a “Your mail could not be delivered” bounce notification, a “Your mail contained a virus” notice, or a request to confirm your signup request for a mailing list you’ve never heard of, you’ve probably received backscatter. There is also spam backscatter when spammers use your domain in their activities.

Some time ago, when virus outbreaks where very common, we did had a lot of backscatter from mail servers that intercepted the virus. Mail administrators where so concerned, or may I say stupid, to send out these notifications to the sender, most often to spoofed email addresses.

Today, we have Google backscatter:

Hello souillet1957@**********.com,

We’re writing to let you know that the group that you tried to contact (designateh) doesn’t exist. There are a few possible reasons why this happened:

* You might have spelled or formatted the group name incorrectly.
* The owner of the group removed this group, so there’s nobody there to contact.

If you have questions about this or any other group, please visit the Google Groups Help Center at http://groups.google.com/support.

Thanks, and we hope you’ll continue to enjoy Google Groups.

The Google Groups Team

Thank you Google.

Blogspot used a lot by spammers

mxlab — Thu, 27 Mar 2008 12:05:29 +0000

Last year, the Microsoft Research study showed that Blogspot, the popular Blogger platform from Google, was one of the top doorway domains for spam. 75% where used as “splogs”, so called re-directs to spam sites.During the last few weeks, MX Lab is seeing new blogspot domains every day and the spam where a Blogspot domain is used has increased to new heights. These spam messages advertise pronography, pharmacy and so on. Nothing new under the sun but we als have reports that malware is being distibuted through this channel. So clicking on a Blogspot link can be hazardous to your computer’s health.

From our point of view, it is time that Google reacts and thightens it’s security a lot. It is clear that it’s too easy for spammers to create new Blogspot domains.