Spam via Google Docs

We are observing a new method to host spam information using Google Docs. Google Docs is an online application which allows users to create and share documents online.

Quoting Google about what does this application allow to do:
“• Upload from and save to your desktop
• Edit anytime, from anywhere
• Pick who can access your documents
• Share changes in real time
• Files are stored securely online
The biggest asset of it is: It’s FREE!”

And this is exactly why the spammers use it.

Fig.1: Spam using Google Docs

Fig.1: Spam using Google Docs

Once accessed, the content hosted by Google is a simple HTML document, as shown in Figure 2.

Fig.2: HTML page hosted on Google Docs

Fig.2: HTML page hosted on Google Docs

Why are the scammers going through this trouble? The Google domain will never be blocked by an antispam product. Furthermore, an antispam product which sees such a “non-spammy” link inside the email will likely mark the email in favor of ham instead of spam. Just to confuse the web filters which can heuristically detect the website as spam, they added also some junk text at the end of the document.

This is already the second attempt to misuse Google online application. We have seen in the past spams using Google Calendar, another online application.

Sorin Mustaca
Manager International Software Development