• On MovieTome: TRANSFORMERS 2 SPOILERS!
advertisementAT&T Tech Support 360
May 23, 2008 1:13 PM PDT

Google Docs used in latest spam attack

Posted by Robert Vamosi

Spammers will do just about anything to get their e-mail through corporate and desktop filters. According to MessageLabs, they're now using Google Docs, a perfectly legitimate way to publish to the Web. Only what they're publishing is the same old wares--this time, it's enhancement pills. This week I talked with Matt Sergeant, senior anti-spam technologist with MessageLabs, who told me how they they've tracking one Google Doc since May 8, 2008.

Later in the conversation, Sergeant talks about the resurgence of Storm. Only a few weeks ago, MessageLabs reported a notable decrease in computers infected with the Storm botnet.

Below is a transcript of part of my interview. The entire podcast can be heard here.

Matt Sergeant: What's happening with Google Docs is that Google Docs is a way to publish your documents online. So, for example, word processing documents and spreadsheets and so on, and much like if you were using Microsoft Word you can embed links within those documents. What this does for the spammers is it allows them to effectively publish online a Web page on hosting sites such as Google that has all the bandwidth in the world for hosting it, and it's also a Web site that is never going to get blacklisted by anyone because nobody would be stupid enough to blacklist Google. So in effect, for the spammers this is a human shield effect. They can host their information and links online on a very stable source of bandwidth and links, and not worry ever about it being taken down or blacklisted.

Me: When did you first see this happening?

Sergeant: The first one that we saw, which showed on our radar in extremely small numbers clearly as a test by the spammers, was on May the 8th. So I guess that's about two weeks ago now.

Me: Have you contacted Google?

Sergeant: We've contacted Google, and also there's a link at the bottom of each one of the documents that Google publishes online that says, "Report this as spam." We clicked that link and I imagine anyone else who got the e-mail clicked that link as well. Unfortunately, Google has proved themselves to be quite slow at tackling this kind of abuse. Weeks later this document is still available online despite the reporting as spam.

Me: When you say that Google has a history of this can you site another example in recent memory where they've been slow to act on spam like this?

Sergeant: Generally, yeah there's a couple of different issues that we see in spam with Google. The first and very obvious one is spam directly from Gmail accounts, often that's the Nigerian spammers who are sending out these offers of millions of dollars where there is in fact no money. By most people's standards, Google tends to be quite slow at shutting down those accounts, whether it be an account that's actually an e-mail or just a drop box account for people to reply to. So those accounts seem to stay active for longer than if they were being hosted somewhere else for example. The other thing we see with Google is redirector links, so they have these links on their Web site which allow anyone or just about, but obviously mostly the spammers to have a link that looks like it's going directly to Google, but in fact after you've visited Google it redirects you to the actual spammers Web site. These redirectors are quite common on loads and loads of Web sites out there, but obviously again they're gaining advantage from Google of all the bandwidth and unblock ability of the Google Web site.

Me: So give me an example of what we would see if we went to the spammers website, what sort of, where is it being hawked or Malware being served up.

Sergeant: In the example that we saw on May the 8th it was a very simple pills scam or a pills Web site. So the e-mail came in with a link to Google Docs and very little of a text in the e-mail itself. They're very hard to block because there was very little to go on regarding the contents of it. When you went to the Google Docs Web site you saw much more information about the pills available for sale and the prices and so on, and almost every bit of text within that was a link which took you to the spammers drop Web site, which is where you would actually go if you wanted to purchase some of those pills.

Topics:

Security,

Bots and botnets

Tags:

security,

Google Docs,

spam,

MessageLabs,

Matt Sergeant

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from Defense in Depth
High-tech bank robbers phone it in
How 'carders' trade your stolen personal info
Anatomy of a botnet
Column: Raising Cain at Black Hat
Black Hat 2008: Notes from the field
Add a Comment (Log in or register) 2 comments
by t8 May 24, 2008 3:28 PM PDT
The spammers will probably create their own "Report this as spam" link at the bottom of their documents. That would trick a lot of people into going to an undesirable web page.
Reply to this comment
by UNiHacker June 3, 2008 5:49 AM PDT
Robert,
While the Google docs is pretty funny, I have something even more fun for you to check out. Using Google to find print devices. :-) Any plugs welcome. :-)

http://www.unihacker.com/2008/06/devices-indexed-by-google-just-for-hackers.html
Reply to this comment
Powered by Jive Software
advertisement
Resource center from News.com sponsors
You Need The Speed of Norton 2009
Introducing Norton Internet Security™2009

Click Here!
With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

Click Here!
The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Featured blogs

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Best hybrid cars
Cell phones
Dell
GPS
CNET sites
CNET TV
Downloads
News
Reviews
Shopper.com
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET