In this new tactic, spammers are setting up bogus Live Spaces (also known as MSN Spaces to older members) accounts then hosting an image in the blog section of the page. This new form of spam is being used to promote online casinos and credit cards.
Below are screenshots of the spammed email:
Figure 1. Sample spam containing link to bogus Live Spaces account
Figure 2. Another sample spam containing link to bogus Live Spaces account
When the user clicks the link inside the mail, it will redirect to the bogus Live Spaces Blog Account where the image endorsing online casinos and credit cards is placed:
Figure 3. Bogus Live Spaces account linked to in the spam in Figure 1.
Figure 4. Bogus Live Spaces account linked to in the spam in Figure 2.
Furthermore, when the image in Figure 4 is clicked it connects the user to the endorsed site (as of this writing the account in Figure 3 leads to a URL that is already down):
Figure 5. Online gaming spam site
The usage of Live Spaces accounts in spam runs is yet another tactic employed by spammers to evade spam filters. This improper use of legitimate services has been used in past spam runs, some of which are reported below:
- More Spammed ImageShack SWF URLs
- Spammed SWF URLs Abuse ImageShack, Lead to Rogue AV
- Turkish Hackers Relive Memories in Photobucket
- Fake Bebo Profiles Spam Early, Spam Often
These spam however, will have no chance of ever getting to users’ inboxes as the Trend Micro Smart Protection Network already blocks this. Other users are advised to delete similar messages that do get to their inboxes. Windows Live Spaces users should be aware of these and similar schemes.