3/29/2007
01:31 PM

Spammers Hijack Legit Sites To Hide Their Tracks

Traffic is getting routed through valid sites to fool antivirus and anti-spam filters, an industry expert reports.

Spammers are hijacking legitimate Web sites to disguise their traffic and throw off anti-spam and antivirus filters.

Security company Sophos issued an advisory Thursday morning, warning IT managers and Webmasters that spammers have a new trick up their sleeves. Using PHP vulnerabilities, they're hacking into various Web sites and patching their own traffic through them.

Graham Cluley, a senior technology consultant for Sophos, explained in an interview that e-mail messages in these new major spam campaigns look like all the other spam out there, but generally are selling prescription drugs online. If a user clicks on the link in the e-mail, he is first sent to a page on a legitimate Web site and then quickly routed to the spammer's own site. Cluley says sites like dickcheneyshotmetoo.com and dreamchaserhouseboats.com have both been hijacked.

Companies "go through them because antivirus products and filters will look at the links inside e-mails to see if it's linking to a known spammer's site," said Cluley. "If you see a link to a known spam site, you just block it. How simple. ... It can certainly cause problems for anti-spam filters. They're used to spammers taking people more directly to their sites. And this is just one hop. In theory you could hop umpteen times across the Net before you get to their site."

He added that people clicking on the links might notice a different URL quickly flash by, but other than that wouldn't notice anything unusual.
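The one-hop evasion Cluley describes can be countered by resolving the whole redirect chain and checking every host in it, not only the host in the e-mail link. The sketch below is an added example, not code from Sophos or the article; the hosts, blocklist and canned responses are constructed, and it assumes the hops are HTTP 3xx redirects or meta-refresh pages.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample data: hypothetical hosts, not taken from the article.
BLOCKLIST = {"pills.example.net"}
RESPONSES = {  # url -> (status, Location header, body)
    "http://photos.example.org/gallery/x.php": (302, "http://hop.example.com/r", ""),
    "http://hop.example.com/r": (200, None,
        '<meta http-equiv="refresh" content="0; url=http://pills.example.net/buy">'),
    "http://pills.example.net/buy": (200, None, "<html>store</html>"),
    "http://news.example.org/story": (200, None, "<html>story</html>"),
    "http://loop.example.org/a": (301, "http://loop.example.org/a", ""),
}
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+'
    r'content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.IGNORECASE)

def offline_fetch(url):
    """Stand-in for a sandboxed HTTP client; returns canned responses."""
    return RESPONSES.get(url, (404, None, ""))

def next_hop(url, status, location, body):
    """Return the URL this response forwards to, or None if it is final."""
    if 300 <= status < 400 and location:
        return urljoin(url, location)
    match = META_REFRESH.search(body or "")
    return urljoin(url, match.group(1)) if match else None

def resolve_chain(url, fetch=offline_fetch, max_hops=10):
    """Follow redirects, stopping on a final page, a loop, or max_hops."""
    chain, seen = [url], {url}
    while len(chain) <= max_hops:
        nxt = next_hop(chain[-1], *fetch(chain[-1]))
        if nxt is None or nxt in seen:
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain

def classify(url, blocklist=BLOCKLIST):
    """Compare a first-link-only check with a check of every hop."""
    chain = resolve_chain(url)
    hosts = [urlsplit(u).hostname for u in chain]
    return {
        "chain": chain,
        "first_link_only": hosts[0] in blocklist,  # what a naive filter sees
        "blocked_host": next((h for h in hosts if h in blocklist), None),
    }
```
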

The images embedded in the e-mails, which generally are of prescription drugs such as Viagra, are even being hosted on legitimate Web sites. One major spam campaign, according to Cluley, has housed the image in its e-mails on a professional photographer's Web site. Again, it's all to fool the antivirus and anti-spam software.

"Antivirus looks for the source of that image, but they've put the image up on someone else's site. It looks legitimate," said Cluley.

He added that IT managers and Webmasters should make sure their software is updated and patched, paying particular attention to PHP bugs. And, of course, he's warning users not to click on links in spammed e-mail messages, noting that some people have died from taking dangerous drugs that had been fraudulently sold online as real prescription medications.

"The problem of drugs being sold by spammers is very serious," he added. "Be very, very careful about buying this sort of stuff online as your health is at risk. Who knows where they're getting it and who knows what they're actually giving you. People have died from taking pills they bought online from spammers."
