Grassing up spammers still works
Thursday September 14, 2006 at 1:32 pm CST
Posted by Chris Barton
Whilst investigating how spammers are abusing free web site hosting providers, McAfee Avert Labs has discovered that very few spammers have the technology or resources to abuse the free web hosting providers in an automated or bulk manner. This leads to a vertical marketplace where a spammer (with the necessary skills) can sell this alternate form of web site hosting to other spammers. These “link providers” create and maintain thousands of free hosting accounts on behalf of the spammers, which are then used to redirect to spam web sites. The providers can update the redirects, so that when the final spam web pages are taken down by ISPs, web hosts, or domain resellers, the redirects can be updated to link to another live spam web site.
For this service, plus 50 accounts per day, one particular “link provider” charges $25 a week or $0.04 per link ($25 is roughly the cost of 3-4 real domain names). Some spammers like the free hosting providers - they know that the bigger hosts are unlikely to get blacklisted because they have many legitimate users.Grassing them up: After some discussions we started sending data to one of the larger free hosting providers about accounts seen in our vast network of spam traps. Within about an hour, they had regularly confirmed our data and taken down the accounts. This relationship has cut the abuse observed by us on that provider by over 90% in just over a week. Let’s hope those spammers are buying their new watches from pound$hop, rather than Bolex, this summer!
October 4th, 2007 at 6:45 am
[…] Trackback Over the last couple of months, we have discussed a few times about how public and commercial web hosting services can be abused to host malware, exploits and send spam. […]