I came across the following spam message today. It was sent through a compromised account, and the payload points to a compromised Google Docs spreadsheet (hey, Google, you know spammers are going after that service, right?). Below is a screenshot image:
Peeling apart the message:
This illustrates what I said in my other post: spammers now use botnets to hack user accounts and legitimate services, then hide behind them in order to spam. They are spamming by proxy.
On the other hand, this technique isn’t that new. I remember back in the day, when image spam first hit, spammers would send spam from Hotmail accounts they signed up for themselves, with the image spam hosted on ImageShack or the message pointing to a domain hosted on GeoCities. Whatever the technique, these types of messages are still blocked the old-fashioned way: using content filtering on the body of the message.
Sometimes the old methods are best.
First of all, THANK YOU for not idiotically requiring me to sign up just to reply.
Secondly, yes, all these techniques are as old as the net itself. Looks like they carrousel the techniques in order to avoid detection. So, old rules may not apply today, but they can apply tomorrow.