09 Jan 2012 05:48 PM
It was just a matter of time, and now it's happening. The Websense® ThreatSeeker® Network has started spotting spam messages that lead to URLs that use embedded QR codes. This marks a clear shift by traditional spammers toward targeting mobile technology.
The spam email messages look like traditional pharmaceutical spam emails (image 1) and contain a link to the Web site 2tag.nl. This is a legitimate Web service that allows users to create QR codes for URLs. Once the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, with the full URL that the QR code resolves to shown on the right (image 2). When the QR code is read by a QR reader, it automatically loads the spam URL (or asks before loading, depending on which flavor of QR reader you have installed) (images 3 and 4).
Websense customers have been protected against this attack with ACE, our Advanced Classification Engine.
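Because the message itself links only to a legitimate QR-code service, the spam URL never appears in the email. The following added example (not Websense's code or ACE logic) shows a mail-filter check that flags links to QR-generator hosts for further analysis; the host list, function names and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a locally maintained set of QR-generator hosts.
# Only 2tag.nl comes from the post.
QR_SERVICE_HOSTS = {"2tag.nl"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

class _Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.urls += [v for k, v in attrs if k == "href" and v]

def extract_urls(raw_message):
    """Return URLs found in the text/html and text/plain parts of a message."""
    msg = message_from_string(raw_message, policy=default)
    urls = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            parser = _Hrefs()
            parser.feed(part.get_content())
            urls += parser.urls
        elif ctype == "text/plain":
            urls += URL_RE.findall(part.get_content())
    return urls

def qr_service_links(raw_message):
    """Return links whose host is a listed QR service or a subdomain of one."""
    hits = []
    for url in extract_urls(raw_message):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if any(host == h or host.endswith("." + h) for h in QR_SERVICE_HOSTS):
            hits.append(url)
    return hits

# Constructed sample message (not the spam shown in image 1).
SAMPLE = (
    "From: sender@example.com\nSubject: constructed sample\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<p><a href="http://2tag.nl/EXAMPLE">Best prices</a> '
    '<a href="http://www.example.com/not2tag.nl">news</a></p>\n'
)
```

A hit is only a signal that the real destination is hidden behind a QR image; the destination still has to be resolved and classified separately.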
Image 1 - An example spam email message:
Image 2 - When the URL is loaded in the browser, a QR code appears:
Image 3 - Scanning the QR code with a QR reader loads the pharmaceutical spam URL in the browser:
Image 4 - The loaded URL offers pharmaceutical drugs: