Google blocks JavaScript spam attacks with Postini update
Hybrid attack mixes virus and spam
By Jon Brodkin | Network World US | Published: 11:19, 20 July 2010
Google's email security team has updated the Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months.
Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript.
"In some cases, the message may have forwarded the user's browser to a pharma site or tried to download something unexpected," Google said in its official blog. "Since the messages contained classic JavaScript which generates code, the messages could change themselves and take multiple forms, making them challenging to identify."
Related Articles on Techworld
"Fortunately, our spam traps were receiving these messages early, providing our engineers with advanced warning, which allowed us to write manual filters and escalate to our anti-virus partners quickly," Google continued. "In addition to this, we updated our Postini Anti-Spam Engine (PASE) to recognise the obfuscated JavaScript and capture the messages based on the underlying code to ensure accuracy."
Spam volume increased 16% between the first and second quarter of 2010, according to Google, which tracks 3 billion e-mail messages per day with its Postini e-mail security and archiving services. But spam levels have declined year-over-year, dropping 15% between Q2 2009 and Q2 2010.
There's a much different story on the virus front. Virus traffic in Q2 2010 was more than two and a half times greater than it was in the second quarter of last year, but has remained steady since the first quarter of 2010, increasing only 3%.
"Spam and virus volumes this year have continued their upward trend," Google says. "These trends tell us that the spammers are still extremely active, and their botnets produce high levels of spam and virus traffic."In addition to the obfuscated JavaScript attacks, Google says spammers are relying on "the classics," such as false social networking messages, e-mails related to current events, and shipping scams.
There's also been a rise in "friend-in-need" phishing attempts, in which a hacker breaks into someone's e-mail account and hand types a message to the victim's contacts asking for money. Google has released "several updated filters" to combat these new waves of spam.
"Spammers continue to exploit techniques that have proven results, but as we have seen with obfuscated JavaScript attacks spammers are always experimenting with new techniques to stay ahead of security measures," Google says.
