Web 2.0 aims to enhance user creativity, information sharing, collaboration and functionality of the Web. These features enable social networking, video sharing, blogs, Web publishing, plus other popular methods of information and content creation, editing, sharing and distribution. This power is being abused by spammers and malware authors to carry out various attacks, which pose a threat to Web 2.0 functionality.
Predictions that spammers would switch strategies to carry out different attacks have proved accurate in recent times. These predictions were originally made at the time of the anti-CAPTCHA operations against Google, which were used to gain access to Google’s e-mail, Web and Web 2.0 services. Spammers are now using such operations for a variety of social-engineering attacks, an increasingly common trend with Google’s various Web 2.0 services. CAPTCHA breaking has allowed spammers to take advantage of the good reputation of Google’s services.
Signing up for an account with Google’s free mailing service, Gmail, provides users with access to the other services offered by Google. This availability allows spammers and malware authors to advertise their products and services using Gmail, Blogger, Google Docs, Google Sites, Google Pages and YouTube services. From a spammer’s perspective, the goal is always to reach prospective customers with increased success across the e-mail, Web and Web 2.0 space. Spammers and malware authors, with a unified strategy, execute their tactics and constantly keep switching among them, with an emphasis on improving their underground economy.
Recently, spammers have used a combination of different Google Web 2.0 services to carry out a range of attacks. Spammers are creating bogus accounts on YouTube and Blogspot to promote their services, abusing both services. The bogus accounts on YouTube advertise multiple videos of the same theme with ‘inappropriate’ content, clearly abusing the terms and conditions of YouTube services. The profiles of these bogus YouTube accounts advertise the bogus Blogspot accounts, which act as doorway pages to spam domains. These bogus Blogger accounts make up a set of interlinked spam blogs, or splogs, forming a splogosphere that aims to promote the actual spam domain, clearly abusing the terms and conditions of Blogger services.
For additional details and information on this blog please visit: http://securitylabs.websense.com/content/Blogs/3200.aspx#
Security issues are bound to arise when users are given privileges such as content creation, direct HTML editing, or uploading files and content distribution. These capabilities are being abused by spammers and malware authors to carry out various attacks, which pose a direct threat to Web 2.0 functionality. While various Web 2.0 service providers make continuous efforts to combat the abuse of their services, spammers, phishers and malware authors keep carrying out attacks over them, proving their adaptability. This can be clearly seen as an iterative cycle in the e-mail, Web and Web 2.0 security arena.