Spammers Use Bing to Bypass Filters, Spam Bad Links


By Andrew Brandt


Word came down from our Threat Research team this morning about a new spam campaign that uses the upstart Bing search engine’s own redirection mechanism to bypass spam filters and send undesirable links over email. On top of that, the spammers are also abusing MySpace’s lnk.ms link shrinking system to further obfuscate the destination that the spammed link points to.

When you view an RSS feed in Bing (such as their news feed), all the clickable links in the feed use Bing’s internal redirection mechanism, so before you end up on the news story you want to read, your browser first connects to
http://www.bing.com/news/rssclick.aspx?redir=
followed by the full URL of the site you intend to visit.

The thing is, anyone can plug anything into the end of that URL, and it’ll redirect to that site. For instance, you could come back to the front page of this blog. Of course, there’s nothing in place to prevent a criminal from redirecting users to something worse, like a drive-by download or phishing page. But in this case, recipients who click the link end up bounced through MySpace’s link shrinker, and finally into a site selling a “work at home making money from Google” pyramid scheme.
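For mail filtering, the practical consequence is that a link has to be scored on where it leads, not on the bing.com host it starts at. The sketch below is an added example, not code from our Threat Research team: it peels the `redir=` wrapper described above and reports when the chain ends at a shortener such as lnk.ms. The redirector table, hop limit and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# (host, path) -> query parameter carrying the real destination.
# The Bing entry is the endpoint described in the article; add others as needed.
REDIRECTORS = {("www.bing.com", "/news/rssclick.aspx"): "redir"}
# Shorteners hide the destination server-side, so it cannot be read from the URL.
SHORTENERS = {"lnk.ms"}
MAX_HOPS = 5  # assumption: upper bound on nested redirector wrapping


def unwrap(url):
    """Peel known redirector wrappers off a URL.

    Returns (chain, needs_resolution): every URL seen from the outer link
    inward, and True when the innermost hop is a link shortener.
    """
    chain = [url]
    for _ in range(MAX_HOPS):
        parts = urlsplit(chain[-1])
        host = (parts.hostname or "").lower()
        param = REDIRECTORS.get((host, parts.path.lower()))
        if param is None:
            break  # innermost URL is not a known redirector
        # Match the parameter name case-insensitively; parse_qs also
        # percent-decodes the value exactly once per layer.
        query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
        targets = query.get(param)
        if not targets or urlsplit(targets[0]).scheme not in ("http", "https"):
            break  # empty or non-web target: stop and score what we have
        chain.append(targets[0])
    last_host = (urlsplit(chain[-1]).hostname or "").lower()
    return chain, last_host in SHORTENERS


def hosts_to_score(url):
    """Hosts a filter should run reputation checks on, outermost first."""
    chain, _ = unwrap(url)
    return [(urlsplit(u).hostname or "").lower() for u in chain]


if __name__ == "__main__":
    # Constructed sample link; the lnk.ms path is a placeholder.
    sample = ("http://www.bing.com/news/rssclick.aspx"
              "?redir=http%3A%2F%2Flnk.ms%2FEXAMPLE")
    print(unwrap(sample), hosts_to_score(sample))
```

A link flagged with `needs_resolution` still has to be resolved or held before the message can be scored on its final landing site.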
