Archived Blog
Google Docs is being used to host spam
06.12.2008 - 1:03 PMGoogle's Blogspot is still hosting a large amount of spam
Spammers' exploitation of services like Blogspot to host spam has been discussed (and complained about) for a few years now. A study in 2007 from WebmasterWorld even stated that 75% of all blogs on Blogspot were spam.
This practice has continued largely due to spammers taking advantage of a Web site's popularity in order to bypass content filters that rely heavily on reputation.
The screenshots below show recent examples of Blogspot being used for spam redirects.
Figure 1) Spam email containing Blogspot URLs
As we have stated in prior blogs, most Blogspot spam URL content contains obfuscated JavaScript, as highlighted below.
Figure 2) Source code hosted at the Blogspot URL (mainly an obfuscated redirector)
The next image shows the code once the obfuscation is removed. As you can see, it's a simple redirect.
Figure 3) Partial unobfuscated source code from a Blogspot spam URL, showing the URL redirect
Finally, this is the target site for the spam email:
Figure 4) The resulting spam site, after the redirect
A more recent twist on the use of Blogspot for spam has been to put the spam content on Blogspot itself, rather than using a redirect.
Figure 5) A Blogspot page showing embedded spam content
Google Docs now being used to host a large amount of spam
Google Docs is another Web 2.0 service that has been abused recently. Spammers have been sending out messages containing links to their Google document, which contains content that serves as a portal to a spam domain. For example:
Figure 6) The Google Docs site
Figure 7) Email containing links to spam hosted on Google Docs
Here is the Google document referenced in the message above:
Figure 8) Google document containing spam
Conclusion
We expect to see more and more spammers taking advantage of free services to host spam, phishing, and malicious sites, since the captchas that previously deterred them from creating free accounts has become less effective.
Security Researcher: Chris Astacio