Spammers bypass filters with SWF file redirects

Spammers are stepping up their use of Shockwave Flash (SWF) file redirects to avoid detection, security researchers said this week.

Alex Eckelberry, president of Sunbelt Software, a security software provider, said the SWF files embed a barely visible box that pushes the installment of a trojan.

“Previously what they have done was have a direct link to the trojan,” Eckelberry told SCMagazineUS.com on Thursday. “But because those URLs are now blacklisted so rapidly, the spammers needed a way to bypass the filters. They use these little SWF files.”

Like other spammer ploys, the purpose of the SWF redirect is to trick users into installing malicious software.

“In many instances the malicious software that is installed will be fake anti-spyware or fake anti-virus software that has infected the user, tells them they are infected, and suggests they pay for the full version of the product to clean their computer,” Randy Abrams, director of technical education at ESET, a threat protection provider, told SCMagazineUS.com.

Adam O'Donnell, director of emerging technologies at Cloudmark, a message security company, said Shockwave works because filters are not used to it.

“There are just not as many analysis tools as there are for Javascript or HTML, for example,” he said. “I will be interested in what comes next after Shockwave.”

Sign up to our newsletters

More in News

Former Expedia IT employee admits to hacking execs from the inside

Former Expedia IT employee admits to hacking execs ...

A former employee of travel company, Expedia's IT department has plead guilty to hacking into his bosses email accounts and using private information to play the market.

India Supreme Court calls on tech giants to curb sexual assault, cyber-crime

India Supreme Court calls on tech giants to ...

India's Supreme Court Monday issued a notice to Google, Microsoft, Yahoo, and Facebook on a plea seeking to curb the sharing of videos displaying sexual assault and cyber-crime.

IoTSF conference: EU should become de facto regulator

IoTSF conference: EU should become de facto regulator ...

Companies will produce products that meet the strictest requirements of the regions in which they want to operate, and the EU should take advantage of this to regulate IoT, speaker ...