Spam Filter Bypass with Google Translate

Monday, April 1, 2013 @ 02:04 PM gHale


Spammers are an intelligent bunch not tied down to the same old way of doing things and that is why Google Translate is the latest trick used to bypass email spam filters, researchers said.

Spam filters work by evaluating (among other things) the reputation and the destination of links included in emails, so spammers are attempting to bypass the filters by making the first “jump” to a instinctively trusty Google domain, and then to a poorly maintained URL shortener, said researchers at Barracuda Labs.

RELATED STORIES
Grum Botnet Coming Back Slowly
Cookie Attack can Hijack Accounts
Huge Botnet Steals from Advertisers
Ramnit Malware Back, Better

“Clicking on the link sends us to Google translate. Google translate fetches the shortened URL and follows it to playandstudy.org, a hacked wordpress-based website in France. Playandstudy.org returns Russian text that translates to “Redirected to the requested page…” and Google translate displays that on its page in an iframe,” the researchers said.

The attack ends up with the user redirected to a rogue pharmacy site.

The researchers point out the trick does not work all the time, making them believe Google may be implementing code that defeats “framebusting.” Just as a word of caution, users should not inherently trust similar links, especially when they come in unsolicited emails.



Leave a Reply

You must be logged in to post a comment.