
MX Logic » MX Logic IT Security Blog

10 March 2008

Malicious Attachments via Google Spam


Over the last few weeks, the Threat Operations Center has seen a significant increase in what is known as Google spam, sometimes peaking at almost 5% of our overall spam volume.
Google spam is spam that abuses the Google PageRank system by artificially inflating the ranking of a spam site. Once a spam site ranks at the top of the Google search engine for certain keywords, spam blasts are sent out containing crafted URLs that query on these keywords and emulate the Google "I'm Feeling Lucky" button, which automatically redirects users to the query's top-ranking site.
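As an added illustration (not MX Logic's code), a mail filter could flag the URL pattern described above. The sketch assumes that "I'm Feeling Lucky" links are Google `/search` URLs carrying the `btnI` query parameter, which the post does not spell out; the sample message and its keywords are constructed.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: an "I'm Feeling Lucky" link is a Google /search URL that
# carries the btnI query parameter (not stated in the post itself).
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Loose heuristic for google.com and country variants such as google.co.uk.
GOOGLE_HOST_RE = re.compile(r"^(?:www\.)?google\.[a-z.]{2,6}$")


def is_lucky_redirect(url):
    """Return the query keywords if url is a 'Lucky' redirect, else None."""
    parts = urlsplit(url)
    if not GOOGLE_HOST_RE.match(parts.hostname or ""):
        return None
    if parts.path.rstrip("/") != "/search":
        return None
    # keep_blank_values so a bare "btnI" (no "=value") is still seen.
    params = {k.lower(): v for k, v in
              parse_qs(parts.query, keep_blank_values=True).items()}
    if "btni" not in params:
        return None
    return " ".join(params.get("q", [""])).strip()


def scan_message(body):
    """Return (url, keywords) for every 'Lucky' redirect link in a body."""
    body = html.unescape(body)  # HTML mail encodes "&" as "&amp;"
    hits = []
    for url in URL_RE.findall(body):
        keywords = is_lucky_redirect(url.rstrip(".,;"))
        if keywords is not None:
            hits.append((url.rstrip(".,;"), keywords))
    return hits


# Constructed sample body: two redirect links and one ordinary search link.
SAMPLE = (
    "Visit http://www.google.com/search?q=constructed+keyword+one&btnI=1 today.\n"
    '<a href="http://google.co.uk/search?hl=en&amp;q=constructed+two&amp;btnI">here</a>\n'
    "Ordinary search: http://www.google.com/search?q=weather\n"
)

if __name__ == "__main__":
    for url, keywords in scan_message(SAMPLE):
        print("flag:", url, "| keywords:", keywords)
```

A hit is a signal to score or rewrite the link rather than proof of spam, since legitimate mail can contain the same URL form.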

Most of the Google spam that we have seen thus far redirects to different variations of pharmacy sites pushing pills and enhancement products, typical of most health-related spam.

One element of Google spam that hasn't received much attention, however, is the potential for attachment-based malware distribution via this tactic. The potential for drive-by malware downloads as a result of malicious JavaScript or iframes is obvious and well documented, but another potential threat vector is the possibility of Google spam directing a user to a malicious PDF.

Many users have their PCs set up by default to automatically open common attachment types like PDFs without so much as a confirmation box asking whether they are sure they want to open the file. This convenient feature is a wide-open hole for malware injection, especially considering the PDF exploits that have been published over the last several months.

To better protect themselves, users should not allow any attachment type to be opened by default, no matter how common. Although it might be an inconvenience to click a button on a confirmation dialog every time we open file types that we are used to using and that we may open 50 times per day, it at least puts one more step between ourselves and potentially malicious downloads. Allowing any file to be opened on your PC without your prior knowledge and consent extends a level of trust to an untrusted network that should never exist.
Posted by smasiello at 4:39 PM
