Tweet

The previous spam run that used ImageShack-hosted SWF URLs must have worked like a charm — the technique is seen again being employed for another spam run, TheRegister reports.

It is actually more of the same messages seen previously containing links to SWF files hosted on ImageShack which are being spammed. This time, however, the SWF files don’t trigger a file download.

Instead, they cause the affected users’ browser to redirect to Web sites promoting things from Viagra to free software updates. Below is a screenshot of a sample email, followed by a rough translation of the German message:

Order online – original quality – 100% effective

Our customers:

- Sex is satisfying than ever. Stress and pressure to disappear. It is never again frustrated, i have no fear of failure. It is a wonderful physical experience, the as feeling follows.

- The best VI. is that “with autopilot flies given relaxed and without concerns matter can be that the stand also holds, even if one is interrupted (the children knocking to the bedroom door, the dog is barking, the condom is bad). If you VI. aware applies, it can also the partner to a great gift. Only a Council: say your not that you use it, the female self-enhancement is just as vulnerable like ours.

Offers of the month: new – VI. Super Active 100 mg 30 tab. 81,08 euro
VI. 10 table 100 mg CI. Table 10 x 20 mg 48,95 euro VI. 10 22,00 Euro tab.
VI. 30 table 55.00 euro you save: 17.00 euro
VI. 60 table 82,70 euro you save: 53,00 euro
VI. 90 table 118,20 euro you save: 85,00 euro

CI. 10 – 27,80 euro
CI. 20 – 54,00 euro you save: 2,00 euro
CI. 30 – 72, 90euro – you save: 11.00 euro

- discrete packaging – no embarrassing doctor visit required
- free, arztliche telephone consulting
- no long wait for delivery within 2 – 3 days
- convenient and discreet online.
- discrete payment
- Visa verifizierter online shop
- no hidden costs

Order today and don’t forget your disappointment, continuing versagensängste and repeated embarrassing situations

Click here and you receive four tab. umsonst

Although ImageShack already removed the malicious files hosted on their site, this is most probably not the last time we’ll see this SWF technique. As Trend Micro Advanced Threats Researcher Joey Costoya explains, “This SWF technique now becomes one of those techniques spammers will continue to use for some time.”

Spammers as well as malware authors have previously abused the redirection services for a more effective disguise and to evade blocking by spam filters. Below are just some of those instances:

• Malware Abuses DoubleClick’s Open Redirects
• Just Got Unlucky (The AOL Version)
• Just Got Unlucky

These spammed messages are now being blocked by the Trend Micro Smart Protection Network.