Spammers have found a way to mine free Web-hosting services for cash.
Online scammers have long used free hosting services such as Yahoo Geocities or Tripod as a way to get around e-mail filters that might otherwise recognize their spammy Web sites. But now some enterprising spammers have begun selling each other these free Web pages, according to security vendor McAfee.
For US$25 per week a spammer will sell 50 Web-hosting accounts that can be used to redirect Web traffic to sites that normally would be flagged.
"These 'link providers' create and maintain thousands of free hosting accounts on behalf of the spammers," wrote McAfee's Nick Kelly in a recent posting to McAfee's Avert Labs blog. That posting can be found here: http://www.avertlabs.com/research/blog/?p=88
"They know that the bigger hosts are unlikely to get blacklisted because they have so many legitimate users," he added.
Scammers also use the free Web pages to try to manipulate search engines, by making it look as if their Web sites are widely linked, said Adam O'Donnell, senior research scientist with Cloudmark, an e-mail filtering company.
And while the free hosting providers are taking steps to shut down this abuse, they appear to be fighting a losing battle.
In late June, Cloudmark researchers were seeing about 1,500 phony URLs (uniform resource locators) on any given day on one of the most abused free hosting services (O'Donnell declined to name names). One month later, that number had jumped to 3,500.
Spammers are simply able to out-pace the hosters' security teams, O'Donnell said. "They will gain more hosts for their pages than the company is able to take down," he said.
The free hosters have been placed in a tough position because they do not want to shut down legitimate users, but they also do not have the technical resources to mine spam for Web pages that are being misused, O'Donnell said.
Lately, however, the hosters have been partnering with security vendors to address the problem.
Cloudmark is working with some hosting providers, hoping to sell them "reputation" information that tells them how many times their member URLs are being seen in spam.
McAfee has been providing similar information to an undisclosed service provider, Kelly wrote. "This relationship has cut the abuse observed by us on that provider by over 90 percent in less than a week."
He added, "let's hope those spammers are buying their new watches from pound$hop rather than Bolex this summer."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Best Practice in Building an Integrated Information Management Strategy
Delivering the Power of Choice with Microsoft Dynamics CRM
Controlling storage costs with Oracle database 11g
Strategies for Eliminating .PST Files
Discover the advantages of an open architecture multi-vendor network solution
Solve Exchange Mailbox Storage Issues Once and for All
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
AOC Launches 18.5” Widescreen Green 16:9 LCD Monitor in Australia and New Zealand 2008-12-03 15:30:00+11
FrontRange Solutions eases software license management with new License Manager 3.0 2008-12-03 14:56:00+11
Progress Software's Cure for Managing Services-based Applications 2008-12-03 14:42:00+11
S3 Graphics Unleashes Full OpenGL® 3.0 API Support with Beta Driver for Chrome 500 Series GPUs 2008-12-03 14:08:00+11
Informatica Powercenter added to Nec Infoframe Solution Suite 2008-12-03 11:36:00+11
Email Archiving Implementation: Five Costly Mistakes to Avoid
Email Archiving is essential for managing email data, but is potentially expensive to implement. Read on to discover the five key areas where email archiving costs can be contained, including data capture methods and default configuration methods.
Buying Guides
