Jul 24, 1:18 pm (UTC-7)   |   by Aljerro Gabon (Anti-spam Research Engineer)

Spammers have never balked at using Web forms to push their wares. The pattern is simple: they look for a public Web server that offers a form through which visitors can send feedback or inquiries to a company. The form asks for a name, a phone number, an email address and a comment, and the spammer fills in every field with whatever it will accept, the comment field included, which is where the spam message goes. Worse, if the form has a file-attachment field, they can also upload image spam or infected files. Once the form is submitted, everyone the form is configured to notify receives the spam.

Strictly speaking, the messages these recipients get are not spam email in the usual sense: they are generated by the company's own form-to-email script, which faithfully relays whatever the spammer typed into the form. The result is a different kind of threat and annoyance. Here is a sample Web form:


Figure 1. Web form allowing all sorts of input from site visitors

Here are two sample Web form feedback emails carrying spam content:


Figure 2. Sample email with spam content sent by the Web form feedback mechanism. Notice the active hyperlinks to spam sites and domains.


Figure 3. Another sample email with spam content

The potential victims are employees of the targeted company, specifically the designated recipients of the Web form feedback. The submissions look like the work of a bot that scours the Web for forms it can post to. Because the message is actually sent by a legitimate sender (the company's own form-to-email mechanism), sender-based checks have nothing to flag, and some anti-spam filters will let it through.

Again, this is a reminder for Web admins to enforce some kind of input validation: at the very least, disallow scripts and HTML tags in Web form fields, or use one of the many secure form-to-email scripts available online. Some of these also require the user to solve a CAPTCHA before the filled-in form can be submitted. Sending the notification as plain text rather than HTML also keeps any pasted URLs from arriving as the active hyperlinks seen in Figure 2. These proactive measures will save admins the time and resources otherwise spent sifting through this kind of unsolicited and useless content.

© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice