Web 2.0 aims to enhance user creativity, information sharing, collaboration and functionality of the Web. These features enable social networking, video sharing, blogs, Web publishing, plus other popular methods of information and content creation, editing, sharing and distribution. This power is being abused by spammers and malware authors to carry out various attacks, which pose a threat to Web 2.0 functionality.

Our predictions about spammers switching their strategies to carry out different attacks have proved to be accurate. These predictions were made originally at the time of Google’s Anti-CAPTCHA operations to gain access to Google’s Email, Web and Web 2.0 services. Spammers are now using such operations for a variety of social-engineering attacks, an increasingly common trend with various Google's Web 2.0 services. CAPTCHA breaking has allowed spammers to take advantage of the good reputation of Google's services.

Signing up for an account with Google’s free mailing service, GMail, provides users with access to the other services offered by Google. This availability allows spammers and malware authors to advertise their products and services using GMail, Blogger, Google Docs, Google Sites, Google Pages and YouTube services. From a spammer’s perspective, reaching their prospective customers with increased success over the email, Web and Web 2.0 space is always a mind set. Spammers and malware authors, with a unified strategy, execute their tactics and constantly keep switching among them, emphasizing on improving their underground economy.

Recently, spammers have used a combination of different Google Web 2.0 services to carry out a range of attacks. Spammers are creating bogus accounts on YouTube and Blogspot to promote their services, abusing both the services. The bogus accounts on YouTube advertise multiple videos of same theme with ‘inappropriate’ content, clearly abusing the terms and conditions of YouTube services. The profiles of these bogus accounts on Youtube advertise the bogus Blogspot accounts, which act as doorway pages to spam domains. These bogus Blogger accounts make up a set of interlinked spam blogs or splogs, forming a splogospere aiming to promote the actual spam domain, clearly abusing the terms and conditions of Blogger services.

Abuse of terms and conditions of YouTube and Blogger services:

 


Screen shot showing 'inappropriate' content playing on YouTube site:

 


Screen shot showing several instances of 'inappropriate' content on YouTube site, all being uploaded by the same bogus spammer account:

 


Screen shot showing the bogus spammer account profile on YouTube site, promoting the bogus spammer account on Blogger site:

 


Screen shot showing the bogus spammer account on Blogger site, with an empty spam blog or a splog used as a doorway page (using simple java script redirection) to actual spam domain:

 


Screen shot showing the bogus spammer account on Blogger site associating multiple splogs (forming a splogosphere) aiming to promote the same spam domain:

 


Screen shot showing the actual spam domain:

 


Security issues are bound to arise when users are given privileges such as content creation, direct HTML editing, or uploading files and content distribution. These capabilities are being abused by spammers and malware authors to carry out various attacks, which pose a direct threat to Web 2.0 functionality. While continuous efforts are made by various Web 2.0 service providers to combat the abuse of their services, the spammers, phishers and malware authors carry out various attacks over them, proving their adaptability, which can be clearly seen as an iterative cycle in the email, Web and Web 2.0 security arena.


Security Researcher: Sumeet Prasad