In an earlier blog post, I mentioned that spammers are now using Shockwave Flash (SWF) files to avoid detection (similar in nature to the trick of using Google redirects, etc. in the past). This continues. Here’s a current example:
This is a typical spam you see these days, pushing an install of a trojan that, if installed, typically downloads a rogue malicious antispyware program.
Clicking on the link takes us to a SWF file hosted on ImageShack:
As you can see, it’s just junk text displaying. Its entire purpose is to push the download of that install.exe file (the trojan).
If we take a wee peek inside that SWF file, we see what’s going on:
So the malware authors have a nice place to redirect from -- a file hosted on ImageShack.
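For anyone who wants to take the same kind of peek inside a suspect SWF during triage, here is an added example (not code from the original post) that inflates the file and lists the URLs handed to ActionScript `getURL` actions. It assumes the redirect is done with a classic `ActionGetURL` (0x83) inside a `DoAction` tag, which the post itself does not state; the function names and the `example.invalid` URL are made up for illustration.

```python
import struct
import zlib

def swf_body(data):
    """Return the SWF body after the 8-byte header, inflating CWS files."""
    if data[:3] == b"FWS":
        return data[8:]
    if data[:3] == b"CWS":  # body is zlib-compressed
        return zlib.decompress(data[8:])
    raise ValueError("unsupported SWF signature: %r" % data[:3])

def iter_tags(body):
    """Yield (tag_code, payload) for each tag in an uncompressed SWF body."""
    nbits = body[0] >> 3                  # RECT: 5-bit width, then 4 fields
    pos = (5 + 4 * nbits + 7) // 8 + 4    # skip RECT, frame rate, frame count
    while pos + 2 <= len(body):
        hdr = struct.unpack_from("<H", body, pos)[0]
        code, length, pos = hdr >> 6, hdr & 0x3F, pos + 2
        if length == 0x3F:                # long tag header
            length = struct.unpack_from("<I", body, pos)[0]
            pos += 4
        yield code, body[pos:pos + length]
        pos += length

def geturl_targets(data):
    """Return URLs passed to ActionGetURL (0x83) in DoAction tags (code 12)."""
    urls = []
    for code, payload in iter_tags(swf_body(data)):
        i = 0
        while code == 12 and i < len(payload) and payload[i] != 0:
            action, i = payload[i], i + 1
            if action < 0x80:             # actions below 0x80 carry no data
                continue
            alen = struct.unpack_from("<H", payload, i)[0]
            if action == 0x83:            # UrlString\0 TargetString\0
                urls.append(payload[i + 2:i + 2 + alen].split(b"\0")[0].decode("latin-1"))
            i += 2 + alen
    return urls

def constructed_sample(url, compress):  # constructed test input, not a real sample
    actions = b"\x83" + struct.pack("<H", len(url) + 2) + url + b"\0\0" + b"\0"
    tag = struct.pack("<HI", (12 << 6) | 0x3F, len(actions)) + actions
    body = b"\x00" + b"\x00\x0c\x01\x00" + tag + b"\x00\x00"  # RECT, rate, frames, DoAction, End
    head = (b"CWS" if compress else b"FWS") + b"\x06" + struct.pack("<I", 8 + len(body))
    return head + (zlib.compress(body) if compress else body)

if __name__ == "__main__":
    for url in geturl_targets(constructed_sample(b"http://example.invalid/install.exe", True)):
        print("getURL ->", url)
```

A `getURL` target ending in `.exe` inside a file served from an image host is a reasonable thing to flag; redirects built with stack-based `getURL2` or ActionScript 3 are not covered by this parser.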