back to article Merde! Dummkopf! Google Translate used as spam cloak

Spammers are using Google Translate to disguise links to dodgy websites. All sorts of internet pond life, particularly purveyors of blue pills purporting to pump blokes' performance between the sheets, are relying on the reputation of Google's language translation service to smuggle web links through mail filters. Security …

COMMENTS

This topic is closed for new posts.

This post has been deleted by its author

Silver badge
Headmaster

" because it may easily be used to lute users into visiting malware-tainted websites."

Clearly a security violination.

32
0
Anonymous Coward

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

Try not to fret about it.

15
0
Bronze badge
Joke

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

The ought to be strung up.

12
0
Joke

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

I want to know who is orchestrating it all

12
0
Silver badge

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

Will you lot please remember to conduct yourself in a civilised manner.

7
0
Silver badge
Coat

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

Don't have a tempo tantrum.

7
0
Silver badge

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

I just tune it all out.

2
0
Headmaster

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

All you guys should be band.

5
0
Silver badge

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

Ha!

Pot calling the kettle drum black!

1
0
Silver badge
Coat

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

Hmmm, how about we stop this sillyness and compose ourselves.

0
0
Silver badge

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

We did... But only for a minuet.

1
0
Silver badge

Re: " because it may easily be used to lute users into visiting malware-tainted websites."

Exactly. Time to face the music.

On that note, I'm off.

0
0

Zut Alors

Cor blimey.

0
0
Silver badge

So the moral of the story

Don't click URL's in weird e-mail messages.

But isn't that something most people realize by now ?

4
0

Re: So the moral of the story

Since the spammers are still at it, they're presumably earning enough that it's worthwhile. Ergo, the answer to your question is: apparently not.

7
0
Facepalm

Re: So the moral of the story

I know, my first thought was "What? People still click on links in dodgy emails? Huh!"

Next they will be confused as to why their pc starts running really slow and why their apps keep failing. Then they come to us and ask can we rebuild their PC. I always say yes and hand them back a PC with Linux on it (along with a demand for a crate of decent claret, well we all have our price) with all the settings nailed down and they have only a user password. Sorted.

3
2
Silver badge
Windows

Re: So the moral of the story

I can only dream. You lucky bastard.

0
0
Silver badge
Stop

Re: So the moral of the story

how does linux stop idiots clicking on links and giving their credit card details to fake online pharmacies? surely even linux idiots are the same as windows idiots in this instance? All that will happen is that you wont get any repeat customers (you create an image after the first rebuild yes?) for habitual malware clickers.

2
0
Anonymous Coward

"We've tested many of these links in the lab, and it appears that Google may be implementing code that defeats frame-busting..."

If that's true, then I should just like top say thank you Google.

1
1
Silver badge

Frame-breaking has legitimate uses

I use frame-breaking code on the top-level pages of all our websites, to prevent unscrupulous operators from framing our sites to make it look like part of theirs, or to spy on or capture information about users of our sites. Big companies like Google and Microsoft have been just as guilty of this as the spammers and other scumbag operators are. So our frame-breaker helps protect your privacy and provides you with assurance that you are on the correct site, when you visit one of our sites.

Rest assured, if Google do find a way to override our frame-breaking code, we will be engaging in R&D to circumvent this and ensure our sites continue to break out of other sites' frames, including Google's.

2
0
Anonymous Coward

Re: Frame-breaking has legitimate uses

Lets home no malware authors, figure out how you break out of Googles frame-breaking code, eh?

0
0
Silver badge
WTF?

>We certainly hope this technique is not discovered by malware distributors," the Barracuda researchers explained in a blog post.

"Don't tell him, Pike"

15
0
Linux

Translate-malware-tainted websites?

But this translate-malware is only of use on Windows, yes?

1
4
Silver badge

All of this is...

A never ending arms race. The spammers on one side, and the anti-spammers on the other.

It all boils down to a simple truth. People SPAM because it works. Yes, the yield is low, but the spammers have numbers in their favor. Send out a million emails, and even if you get 0.1% yield, it still is a big enough number (1000) to earn money, or rape users computers.

If we all went back to plain text email (so you had to do things like select then click on a link, and it couldn't be obfuscated, it might be better. The problem is that nobody wants to do this as it makes it very inconvenient. So, we live with spam (hoping to not contribute to is exploitation), and use all sorts of "anti" programs. Life goes on.

So, teach your children well, and don't click that link.

3
0

If we all went back to plain text email ... The problem is that nobody wants to do this

I do.

8
0
Silver badge

I never left plain-text mail

4
0
Silver badge

I too am an ASCII luddite in a HTML office.

3
0
Bronze badge

I went to plain text just to ward of the gigantic signatures that are nothing but a single image (To make sure the formatting stays and to prevent people from stealing their contact info [I know, but they won't listen]).

My email client is does allow clicking and following links in plain-text emails, but it can't be obfuscated.

1
0
Go

Make mine plain text as well.

I happen to be a UTF-8 luddite. I don't mind Unicode emails, but I don't like HTML emails.

Google have got themselves into a little bit of hot water with their new Composer interface, which they try to force on to their users. There is a "plain text" option, but it appears to be HTML underneath. People are not happy.

1
0
Silver badge

Re: Make mine plain text as well.

we have a simple VBS rule (run script) that runs on outlook incoming mail. If the sender is on the users contacts list (or internal) then the mail is left alone, if not then the mail is converted to plain text.

0
0
Silver badge

Re: Make mine plain text as well.

> I happen to be a UTF-8 luddite. I don't mind Unicode emails, but I don't like HTML emails.

UTF-8 is fine, however I find that its suitability is highly dependent on the fonts one uses at the other end. What looks perfectly fine is going to come out as mojibake on the other end.

0
0
Alert

javascript trouble

I just heard of a far more problematic issue regarding a very simple javascript method..

the java 'on click' method that changes the clicked on URL at the moment of clicking thereby redirecting what appears to be a valid link, even hovering over the link will show what you think is the correct destination but presto whammo! click it and it sends you elsewhere!

Hope my NoScript can cope with this problem..

0
0

Re: javascript trouble

Hold down the mouse button; the URL changes on the mousedown(); and the URL is followed on mouseclick(). You should be able to see the URL changing before your very eyes! (Or so it does with Google)

0
0
Bronze badge
Holmes

Give US the weapons to break the spammers business models

If the google was less EVIL or Yahoo was a bit closer to bankruptcy, then they would get sincere about stopping the spammer and increasing the value of the Internet for EVERYONE. Microsoft deserves some credit for hurting spammers upstream, but it is downstream where the spammers connect with the tiny supply of suckers, and Microsoft could do much better there.

Imagine some anti-spammer tools integrated into the email system. Tools that would go through several iterations and let you use your human intelligence to describe the spam and target the countermeasures and BREAK THE SPAMMERS' FINANCIAL MODELS. Imagine feedback on how often YOU are the first one to break a spammer's redirection link. Imagine opt-in for spam removal when the garbage is confirmed by other human spam fighters. Imagine faster work against the spammers' dropboxes and websites BEFORE the suckers can get back to the spammers.

We can do all of these things. You don't have to, but I would, and just a few more people like me would easily outnumber the extremely few suckers the spammers are so desperately searching for. I don't mind if you benefit, too. I just want to break the spammers.

How about you? Wouldn't you like better tools to make the world better? Can ANYONE point at ANYTHING good the spammers are doing?

1
0

This post has been deleted by its author

Silver badge
Go

Re: Give US the weapons to break the spammers business models

Spammers deserve a special place in hell.

That said, I've found Postini to be the most effective anti-spam filter out there. I was using it before Google was. Everything else is a joke compared to it.

1
0
FAIL

Re: Give US the weapons to break the spammers business models

" Imagine faster work against the spammers' dropboxes"

Unfortunately, Yahoo are absolutely useless at doing this; unless the spam actually originates from a Yahoo account, passing through their servers, THEY DO NOT CARE. Back in the days when they had a 'functioning' abuse@ address, I used to report the 419 scammers who offered an @yahoo dropbox. The gibbons at Yahoo would just send a rubber-stamp reply saying "This did not originate from our servers therefore it is not our problem." Sometimes, if I persisted, I might get a second rubber-stamp message to say "We'll have a look."

Now, Yahoo no longer accepts spam reports via abuse@ and requests submissions via a web-form. After much searching of their site, I eventually found a spam-reporting form. All reports go into a big hole and I have zero confidence that they are even read, let alone parsed for drop-box addresses. Yahoo only seems to offer advice for users of their web-based email. Telling me to "Click the spam button" does not help me; there is no "spam button" on Thunderbird.

That's why I hate Yahoo.

0
0

Hotlist of dodgy websites

Firefox (and I would assume Chrome) check with a list of dodgy sites and warn the user that they really shouldn't visit this site. Now, this depends on kind-hearted souls who know dodgy-meds/419 etc. spams when they see them deliberately following them to report the final sites.

0
0
Pirate

Other uses of Google Translate

By the way, you can also use Google Translate to get round ISP blocks. In the Netherlands, some ISPs have been required to block The Pirate Bay; however, if you go to it via Google translate there's no block.

0
0
Silver badge

Re: Other uses of Google Translate

Do dutch VPN exit points obey this blocking too?

0
0
This topic is closed for new posts.

Forums