Spammers Turn To Google Translate To Evade Detection


Spammers peddling pornography, pharmaceuticals and more are using Google Translate to whitewash links and evade detection.

The spammers are using the service as a URL redirect in an effort to avoid reputation and destination engines used in Web filters and other antispam technologies, according to Barracuda Networks, which recently detected spam campaigns using the technique in its spam honeypots. The Google Translate method is working because people are still clicking on the link, Barracuda said in a blog analyzing the spam campaign.

"Spammers take these extreme steps to hide what they're doing and, no matter how good your spam filtering solution, you have to be especially aware of emailed links," Barracuda said in the blog. "In short, don't click on them."

Barracuda said spammers also use poorly maintained URL shorteners in their messages. In addition, smaller websites are targeted in attacks to install simple redirect code used to dupe antispam engines.

"The spammer takes advantage of the good reputation of the website to evade spam filters, and the hacked website redirects anyone who clicks on the message links to the website that the spammer is promoting," Barracuda said.

The attacks detected by Barracuda lead to a rogue pharmacy website. The spammer used a Yahoo URL shortener with a link that leads to Google Translate, which then redirects to a hacked WordPress website in France. A script on the page leads users to the pharmaceutical site, Barracuda said.
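For filter maintainers, the following is an added example, not code from Barracuda or from the article, of peeling a translation wrapper off a link so the reputation check scores the embedded destination instead of Google's host. It assumes the wrapper carries its target in the `u` query parameter on `translate.google.com`; the sample URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the translation wrapper carries its target in the "u" parameter.
TRANSLATE_HOSTS = {"translate.google.com"}
TARGET_PARAM = "u"
MAX_DEPTH = 5  # bound the loop in case wrappers are nested inside each other


def unwrap_translate(url, max_depth=MAX_DEPTH):
    """Return (final_url, hops); hops lists every wrapper URL peeled off."""
    hops = []
    current = url
    for _ in range(max_depth):
        parts = urlsplit(current)
        host = (parts.hostname or "").lower()
        if host not in TRANSLATE_HOSTS:
            break  # not a wrapper, so this is the link to score
        targets = parse_qs(parts.query).get(TARGET_PARAM)
        if not targets:
            break  # a plain Translate page with no embedded destination
        target = targets[0].strip()  # parse_qs has already percent-decoded it
        if "://" not in target:
            target = "http://" + target  # bare host/path given as the target
        hops.append(current)
        current = target
    return current, hops


def reputation_host(url):
    """Host a reputation engine should score for this link."""
    final, _ = unwrap_translate(url)
    return (urlsplit(final).hostname or "").lower()


# Constructed sample links (not taken from the campaign described above).
SAMPLES = [
    "http://translate.google.com/translate?hl=en&sl=fr&tl=en"
    "&u=http%3A%2F%2Fhacked-blog.example%2Fwp-content%2Fr.html",
    "https://www.example.org/newsletter",
]

if __name__ == "__main__":
    for link in SAMPLES:
        final, hops = unwrap_translate(link)
        print(f"{reputation_host(link):24} wrappers={len(hops)} final={final}")
```

This only handles the translation wrapper, which can be unwrapped offline from the URL itself; the URL shortener and the script redirect on the hacked site still require following the link in a sandboxed fetcher.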

The effectiveness of many antispam technologies is in decline, according to antispam tests recently conducted by the product certification arm of U.K.-based Virus Bulletin. The firm said in its latest monthly report released Thursday that 15 of the 19 products it tested were missing more spam than they did in its last test.

Catch rates are still above 98 percent and commonly fluctuate throughout the year, according to the firm. "A lot of spam is now being sent through compromised hosts rather than the traditional source of vast chunks of spam, compromised home PCs," Virus Bulletin said in the report.

Hosting providers are more commonly being used to deliver spam, according to recent analysis provided by Vancouver-based email reputation service MailChannels. Spammers are renting cloud servers and abusing shared hosting platforms, the firm said in its analysis of data provided by Spamhaus' composite blocking list.

"Whereas 12 months ago, much of the world's spam originated from botnet-controlled PCs on ISP networks, most of the world's spam volume now originates from Web hosting provider networks," the company said.

PUBLISHED MARCH 28, 2013