Spammers Hijack Legit Sites To Hide Their Tracks - InformationWeek
01:31 PM

Spammers Hijack Legit Sites To Hide Their Tracks

Traffic is getting routed through valid sites to fool antivirus and anti-spam filters, an industry expert reports.

Spammers are hijacking legitimate Web sites to disguise their traffic and throw off anti-spam and antivirus filters.

Security company Sophos issued an advisory Thursday morning, warning IT managers and Webmasters that spammers have a new trick up their sleeves. Using PHP vulnerabilities, they're hacking into various Web sites and patching their own traffic through them.

Graham Cluley, a senior technology consultant for Sophos, explained in an interview that e-mail messages in these new major spam campaigns look like all the other spam out there, but generally are selling prescription drugs online. If a user clicks on the link in the e-mail, he is first sent to a page on a legitimate Web site and then quickly routed to the spammer's own site. Cluley says sites like and have both been hijacked.

Companies "go through them because antivirus products and filters will look at the links inside e-mails to see if it's linking to a known spammer's site," said Cluley. "If you see a link to a known spam site, you just block it. How simple. ... It can certainly cause problems for anti-spam filters. They're used to spammers taking people more directly to their sites. And this is just one hop. In theory you could hop umpteen times across the Net before you get to their site."

He added that people clicking on the links might notice a different URL quickly flash by, but other than that wouldn't notice anything unusual.

The images embedded in the e-mails, which generally are of prescription drugs such as Viagra, are even being hosted on legitimate Web sites. One major spam campaign, according to Cluley, has housed the image in its e-mails on a professional photographer's Web site. Again, it's all to fool the antivirus and anti-spam software.

"Antivirus looks for the source of that image, but they've put the image up on someone else's site. It looks legitimate," said Cluley.

He added that IT managers and Webmasters should make sure their software is updated and patched, paying particular attention to PHP bugs. And, of course, he's warning users not to click on links in spammed e-mail messages, noting that some people have died from taking dangerous drugs that had been fraudulently sold online as real prescription medications.

"The problem of drugs being sold by spammers is very serious," he added. "Be very, very careful about buying this sort of stuff online as you're health is at risk. Who knows where they're getting it and who knows what they're actually giving you. People have died from taking pills they bought online from spammers."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll