Spammers tap Google's Picasa, Adobe Flash

New techniques such as using images hosted by Picasa Web Albums and Flash-based site redirection showed up in August, new security report shows.
Written by Vivian Yeo, Contributor

Spammers are tapping Google's Picasa Web-based photo management application and Adobe Flash files to spread unsolicited e-mail and malware, a new report has revealed.

According to the MessageLabs Intelligence: August 2008 report, the security vendor last month identified, for the first time, examples of images hosted by Google's Picasa Web Albums that appeared in both spam and malware e-mail. The accounts that were used to host the images appeared to have been generated by a program to avoid Google's Captcha (Completely Automated Public Turing Test to Tell Computers and Humans Apart) mechanisms to identify junk e-mailers, MessageLabs said in a statement Monday.

In one such example, the image was hosted via a legitimate domain registered to Google and used by Picasa Web Albums. Using traditional antispam techniques, such as blocking e-mail based on the URLs it contains, could cause "significant collateral damage", the company pointed out in its report.

In addition, spammers are now using legitimate image-hosting services to host Flash-based .swf files which, when viewed, cause the user's Web browser to redirect to the spammers' intended site. According to MessageLabs, spammers that use this technique can bypass many traditional content filters, as the Web link in the e-mail relates to a legitimate site.

Once the Flash component has directed the user to the spam site, the site downloads an executable file which then proceeds to install malware, such as the rogue antispyware program Antivirus XP 2008.

"The new rogue antispyware program, Antivirus XP 2008, threatened businesses again in August, both as a downloadable file that arrives in an e-mail with a Flash component advertising a free Microsoft upgrade, and again as a dropper component in e-mail spoofing virtual greeting cards and fake online postcards," Mark Sunner, chief security analyst at MessageLabs, said in the statement. "When the link containing the executable is activated, it proceeds to install Antivirus XP 2008 on a victim machine."

The Antivirus XP 2008 program, noted Sunner, contributed to a 12 percent increase in e-mail-borne malware, which represents 15.2 percent of all malware intercepted in August.

Spam volumes for techniques involving Picasa Web Albums and Flash-based redirection remain low, each contributing less than 1 percent to the spam captured by MessageLabs in August.

According to MessageLabs, spam volumes rose by 160 percent in August, resulting in an overall increase of 3 percent to current spam levels. The company attributed the increase to two China-based botnets--Srizbi and Cutwail--both of which increased spam output by 20 percent to 25 percent over July and August.
