Spam Campaigns using space char to mask links

A new wave of spam relating to the promotion of pharmaceutical products has flooded our emails. The new technique used by spammers to bypass antispam filters is to insert spaces in the string of the link that is spammed, which is in such a way that is not recognized as a url and it is not filtered properly. The type of spam that uses the technique of space is targeted to the promoting of pharmaceutical products like the famous Viagra.

The malicious URL is generally composed by 2 or 3 letters and by 1 or 2 numbers, the TLDs that are mostly used are .com and .net. In the following lines there is an example of a spammed url:

1
2
www. via86. com
www. via87. com

The IP addresses that send these emails are mostly ADSL, this suggests to be a spam campaign that is led by botnets that use the infected computers as a resource to send emails and therefore avoid some antispam filters that control the IP Address of the sender.

As the IP Addresses are mostly ADSL, is very hard for the antispam filters to detect the malicious IP Address, as is very common that an ADSL user can restart the router/modem and having a new IP Address it can avoid such filters.

Random Posts

Previous Posts