Free Google Analytics: A spammer's best friend

Spammers are taking advantage of Google's free Analytics service to track the performance of spam campaigns and boost their business.
Written by Liam Tung, Contributing Writer

Security firm MessageLabs said spammers have taken to the free Google Analytics service, which promises to track how visitors interact with a website, including where they came from, what they did on a site, and whether they completed any of the site's conversion goals. The service permits analysis of up to five million pages per month and provides users with information on the number of visitors from specific cities around the world.

A MessageLabs Australia spokesperson told ZDNet.com.au that the spammers are likely to be using the tool in order to charge a higher price for their service.

One example of a spam campaign provided by MessageLabs refers to a Google Docs page, which hosts two URLs to the domains of "mattertoo" and "whetherdesert" — both fronts for online shop "Canadian Pharmacy #1 Internet Pharmacy Store". At the time of writing, the Docs page containing the links is still being hosted by Google. The drug service offers pricing in British pounds, as well as US, Canadian and Australian dollars.

"Using Analytics, the spammers can go to market with clear facts talking about the success rate of their database. Cybercriminals are no different in terms of motivation to normal business people — they want to maximise their profit for the least effort. So, metrics is a clear way to demonstrate value to their clients," IBRS security analyst James Turner told ZDNet.com.au.

Spammers beat the blacklist

The spammers are also starting to experiment with Google's online document hosting service, Google Docs, for its ability to bypass normal filtering measures that scan emails for unwanted URLs, according to MessageLabs.

Instead of sending an email containing links to another website promoting their wares, the spammers have taken to sending an email with a link to a Google Docs page — likely to get past the URL filters — containing links to the website the spammers want recipients to visit.

"Someone has taken advantage of this to get past the filters of software security vendors. That URL would specifically need to be blacklisted by software security vendors, but obviously they don't want to block the Googledocs.com domain," MessageLabs' spokesperson said.
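
The gap described above, as an added Python example (not code from the article or from MessageLabs): a domain-only blacklist passes a link to a page on a shared document host, while a filter that keeps per-URL entries for such hosts blocks the known page and routes unknown ones to inspection. The `.example` hosts, document paths, list contents and the "inspect" verdict are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: every entry below is illustrative.
DOMAIN_BLACKLIST = {"pharmacy-shop.example"}
SHARED_HOSTS = {"docs.google.com"}  # too widely used to block as a whole
URL_BLACKLIST = {"docs.google.com/d/constructed-spam-doc"}  # per-URL entries

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_urls(body):
    """Return URLs found in a plain-text body, trailing punctuation stripped."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(body)]

def _matches(host, domains):
    # Match the listed domain itself or any of its subdomains.
    return any(host == d or host.endswith("." + d) for d in domains)

def _host_and_key(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    key = host + parts.path + ("?" + parts.query if parts.query else "")
    return host, key

def domain_only_verdict(url):
    """Filter that judges a link by its host alone."""
    host, _ = _host_and_key(url)
    return "block" if _matches(host, DOMAIN_BLACKLIST) else "allow"

def shared_host_aware_verdict(url):
    """Filter that treats shared hosts as untrusted until the exact URL is judged."""
    host, key = _host_and_key(url)
    if _matches(host, DOMAIN_BLACKLIST):
        return "block"
    if _matches(host, SHARED_HOSTS):
        # Host reputation says nothing about one document on it.
        return "block" if key in URL_BLACKLIST else "inspect"
    return "allow"

def scan(body, verdict_fn):
    """Map each URL in an email body to the verdict of the given filter."""
    return {u: verdict_fn(u) for u in extract_urls(body)}

if __name__ == "__main__":
    # Constructed email bodies.
    direct = "Cheap meds: http://www.pharmacy-shop.example/buy, today only."
    via_docs = "Our offer: https://docs.google.com/d/constructed-spam-doc"
    for body in (direct, via_docs):
        print(scan(body, domain_only_verdict), scan(body, shared_host_aware_verdict))
```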

Many businesses will refuse to blacklist Google Docs, said IBRS's Turner. "You don't want to blacklist Google Docs, especially if you're using it internally. A lot of businesses, like ours, are playing around with it seeing if we can find value in it," he said.

However, Turner said whitelisting, as opposed to blacklisting, technology holds promise for dealing with spammers using Google Docs or other typically trustworthy URLs — whitelists work by allowing approved websites to be accessed rather than blocking known "bad" sites.

"A more interesting aspect of this is if you're using a whitelisting product such as WhiteTrash," he said. The open source software, developed by the [Australian] Defence Signals Directorate, started distribution last year via open source initiative SourceForge.

"It basically enables users to validate the purpose that they're going to a website for. So if the site isn't in the whitelist, then Whitetrash will take the user to a holding page and say, 'Please verify that this is for business purposes'. It changes it from being a technology problem to a HR one because you're getting users to take accountability for their actions," he said.
