
Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Using Google cache and invisible text for spam redirect

The title of this email caught our eye – “privacy” – certainly an amusing way to introduce spam. Closer inspection revealed two interesting tricks, no doubt intended to fool content-based spam filters.

The first is the use of almost invisible, random text to break up words which might be detected by spam filters. As shown below, the word “product” appears to have a space in the middle of the word (as do the words “extremely”, “congratulate”, “excellent” and “future”). The space is actually made up of 6 numbers and letters, all with a font size of 1 and colored white. We have enlarged the text and colored it red to make it visible.
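A content filter can undo this trick by dropping text that is styled to be unreadable before it matches keywords. The following is an added example, not code from the original post: the exact markup (`<font size="1" color="#FFFFFF">` or an equivalent inline `style`) is an assumption, since the post describes only "font size of 1 and colored white", and the sample message and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

WHITE = {"white", "#fff", "#ffffff"}
VOID = {"br", "img", "hr", "meta", "link", "input"}  # elements with no end tag

def is_hidden(attrs):
    """True when a tag's attributes render its text tiny (size <= 1) and white."""
    a = {k: (v or "").lower() for k, v in attrs}
    style = a.get("style", "").replace(" ", "")
    size, color = a.get("size", ""), a.get("color", "")
    m = re.search(r"font-size:(\d+)(?:px|pt)?(?:;|$)", style)
    if m:
        size = m.group(1)
    m = re.search(r"(?:^|;)color:([^;]+)", style)
    if m:
        color = m.group(1)
    return size.isdigit() and int(size) <= 1 and color in WHITE

class HiddenTextParser(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:  # children of a hidden element stay hidden
            inherited = bool(self.stack) and self.stack[-1][1]
            self.stack.append((tag, inherited or is_hidden(attrs)))

    def handle_endtag(self, tag):
        if any(t == tag for t, _ in self.stack):  # ignore stray end tags
            while self.stack.pop()[0] != tag:
                pass

    def handle_data(self, data):
        in_hidden = bool(self.stack) and self.stack[-1][1]
        (self.hidden if in_hidden else self.visible).append(data)

def normalize(html):
    """Return (text with hidden runs dropped, list of hidden fragments)."""
    p = HiddenTextParser()
    p.feed(html)
    p.close()
    return "".join(p.visible), p.hidden

# Constructed sample; the markup is an assumption, the post shows no source.
SAMPLE = ('<p>This pro<font size="1" color="#FFFFFF">x7k2qa</font>duct is '
          'extre<span style="font-size: 1px; color: white">9fj3mz</span>mely '
          'good.</p>')

if __name__ == "__main__":
    print(normalize(SAMPLE))
```

The returned text is what keyword rules should be run against, and a message in which hidden fragments repeatedly sit in the middle of words is itself a useful spam signal.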

The second trick is the inclusion of links that appear to lead to a Google site. Here again, these URLs will not trigger most spam filters, which almost certainly whitelist the Google domain. Google’s cache stores snapshots of webpages, allowing searchers to access content that may have changed since it was scanned by Google. In this example the link includes Google’s cache code: pzSrP–rcwJ. The inclusion of the text “:google.com” at the end of the link is purely “cosmetic” and does not affect the destination.

The links lead to the cached version of a seemingly blank page from a site called “giacomo–.chez.com”.

This cached site includes an embedded script that redirects visitors to their final destination – the Ultimate Replica site. Note the Christmas decorations…
