Spammers Hijack Legit Sites To Hide Their TracksSpammers Hijack Legit Sites To Hide Their Tracks

Spammers are hijacking legitimate Web sites to disguise their traffic and throw off anti-spam and antivirus filters.

Security company Sophos issued an advisory Thursday morning, warning IT managers and Webmasters that spammers have a new trick up their sleeves. Using PHP vulnerabilities, they're hacking into various Web sites and patching their own traffic through them.

Graham Cluley, a senior technology consultant for Sophos, explained in an interview that e-mail messages in these new major spam campaigns look like all the other spam out there, but generally are selling prescription drugs online. If a user clicks on the link in the e-mail, he is first sent to a page on a legitimate Web site and then quickly routed to the spammer's own site. Cluley says sites like dickcheneyshotmetoo.com and dreamchaserhouseboats.com have both been hijacked.

Companies "go through them because antivirus products and filters will look at the links inside e-mails to see if it's linking to a known spammer's site," said Cluley. "If you see a link to a known spam site, you just block it. How simple. ... It can certainly cause problems for anti-spam filters. They're used to spammers taking people more directly to their sites. And this is just one hop. In theory you could hop umpteen times across the Net before you get to their site."

He added that people clicking on the links might notice a different URL quickly flash by, but other than that wouldn't notice anything unusual.

The images embedded in the e-mails, which generally are of prescription drugs such as Viagra, are even being hosted on legitimate Web sites. One major spam campaign, according to Cluley, has housed the image in its e-mails on a professional photographer's Web site. Again, it's all to fool the antivirus and anti-spam software.

"Antivirus looks for the source of that image, but they've put the image up on someone else's site. It looks legitimate," said Cluley.

He added that IT managers and Webmasters should make sure their software is updated and patched, paying particular attention to PHP bugs. And, of course, he's warning users not to click on links in spammed e-mail messages, noting that some people have died from taking dangerous drugs that had been fraudulently sold online as real prescription medications.

"The problem of drugs being sold by spammers is very serious," he added. "Be very, very careful about buying this sort of stuff online as you're health is at risk. Who knows where they're getting it and who knows what they're actually giving you. People have died from taking pills they bought online from spammers."