Update: this post is factually incorrect. ZDNet was sending out spam.
A security vendor has claimed that ZDNet is being “exploited” by Google Docs in order to send spam. Let’s pick apart this exploitation claim and try to figure out what the spammers are really doing.
In a recent blog post, anti-spam vendor Commtouch claims that ZDNet is being exploited in order to spend spam. The title of the post insinuates that systems hosted by ZDNet are being used to send out spam, when in reality spammers are merely trying to use an unauthenticated credential, namely the message footer, as a means of assigning some level of social reputation to their spam.
So why is this not exploitation? Exploitation is defined by the security community to be the compromise of a host or a system via some security flaw. It does not mean the abuse of someone’s name in order to improve the chances of success in a social engineering attack. If we use an analogy to the physical world, it would be the difference between claiming you are a medical doctor to someone on the street and breaking into a hospital, setting up shop as a medical doctor, and stealing another doctor’s DEA number to write out prescriptions for narcotics.
The only service that may be exploited here is Google Docs, which is being used to host content associated with the spam store itself. Spam filters often identify spam based upon URLs that point to known spammy websites. As Google Docs hosts legitimate content as well as spam, the use of the site to host spam content allows the spammer to circumvent some filters. Besides, the Google Docs involvement is more of a case of abuse of terms of service than an exploitation of the service, as anyone is allowed to host content on the site.
When terms such as “exploited” become overused and overextended, their value in describing events in the security world becomes diluted, which makes our job of communicating security problems that much more difficult.
