IronPort identifies new URL outbreak
Dubai, April 24, 2008
IronPort Systems, a Cisco business unit and a leading global email and web security provider, has detected unsolicited e-mail, more popularly known as spam, which uses legitimate Internet universal resource locators (URLs) to redirect users to spam sites.
Officially named “Open URL Redirect” and formally detected on March 7, 2008, IronPort reports that the intrusions, which use Google, Yahoo and AOL functions, have been found in one per cent of all spam sent since January 2008.
“Open URL Redirect” contains a single specially-designed URL that both appears and links to a legitimate website. However, the websites automatically forward users to the spammed site through techniques called “open redirect” or an “unprotected forwarder.”
Spammers are also using Google’s “I’m Feeling Lucky” function to redirect viewers to a spammed site; they create the URL contained in the message to include the Google feature to automatically redirect viewers to spam target sites.
“Our technical team has discovered that this new outbreak has been causing damage over the past two months and continues to rise steadily. We continue to monitor and block this new attack technique and advise users to enhance their security measures and be more vigilant of unfamiliar behavior whenever they use their particular Internet search engines. For corporate users, we recommend that they use dedicated email or web appliances to more effectively ensure the integrity of their networks,” said marketing manager Southern Europe, Middle-East & Africa, IronPort Systems, Sebastien Commerot.
A system intruder could use this technique to direct the end-user to a malware-laden site; IronPort email and web security appliances can easily detect and block this and other types of social engineering attacks.
IronPort appliances are automatically updated to prevent both spam email and hostile Web URLs from being passed to the end-user; they automatically adapt to protect end-users and update reports id significant changes are detected or if user risk increases.
IronPort Reputation Filters are combined with content level analysis and IronPort Anti-Spam, to protect customers from an industry best 98 per cent of spam with near-zero false positives.
To stop outbreaks in near real time, IronPort uses a unique combination of automated machine generated rules and human oversight with its around-the-clock Threat Operations Center.
IronPort achieves world-class accuracy by analysing messages on over 200 different parameters including structure, content, sender reputation, URL reputation and patent-pending Multidimensional Pattern Recognition image analysis technology. – TradeArabia News Service