Folks, this is the new wave: SWF file redirects continue

In an earlier blog post, I mentioned that spammers are now using Shockwave Flash (SWF) files to avoid detection (similar in nature to the trick of using Google redirects, etc. in the past). This continues. Here’s a current example:


This is a typical spam you see these days, pushing an install of trojan that, if installed, typically downloads a rogue malicious antispyware program.

Clicking on the link takes us to a SWF file hosted on ImageShack:


As you can see, it’s just junk text displaying. It’s entire purpose is to push the download of that install.exe file (the trojan).

If we take a wee peek inside that SWF file, we see what’s going on:

movie 'mal.swf' compressed // flash 6, total frames: 3, frame rate: 50 fps, 978x580 px

So the malware authors have a nice place to redirect from -- a file hosted on Imageshack.