Spammers exploit Google Docs

By

Spam levels jumped in May to 76.8 per cent of all emails sent globally, according to new monitoring data.


MessageLabs' latest Intelligence Report attributed this hike to a change of tactics in which spammers are moving away from a reliance on email attachments.

Spammers are instead moving towards the exploitation of free mainstream hosted services such as Google Docs, Google Calendar and Microsoft SkyDrive.

"The savvy and accurate cyber-criminals of today seem to have abandoned the attachments tactic that was so innovative in late 2007 and are exploiting free hosted applications which have become mainstream in 2008," said Mark Sunner, chief security analyst at MessageLabs.

"The spammers are taking advantage of the fact that these services are free, provide ample bandwidth and are rarely blacklisted.

"This is one more addition to the growing list of ways in which the spammers have succeeded in outsmarting traditional detection devices."

MessageLabs intercepted spam emails in May which contained links to spam contained in documents hosted on the Google Docs environment.

Traditional spam filters do not block links to the Google Docs domain, and spammers are using this to their advantage and even tracking their success through Google Analytics.

Spammers are also using Microsoft's SkyDrive shared file hosting service. Spam generated using this technique accounted for one per cent of all unsolicited mail in May.

In addition to the variety of new spam techniques, MessageLabs also identified several new phishing exploits this month, including one which preyed on a bank's environmentally conscious customers.

Using the Srizbi botnet to launch the attacks, the phishers took advantage of a 'Go Green' campaign run by Central Bank in Missouri to lure recipients into sharing their bank details in order to register for electronic statements.

Also in May, MessageLabs found evidence of phishing attacks claiming to be from HSBC bank which purported to be a secure connection via HTTPS.

Closer inspection revealed that the attack was actually a standard HTTP link to a domain pretending to be the actual bank.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
docsexploitgooglesecurityspammers

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?