It was just a matter of time, and now it’s happening. The Websense® ThreatSeeker® Network has started spotting spam messages that lead to URLs that use embedded QR codes. This is a clear evolution of traditional spam towards targeting mobile technology.
The spam email messages look like traditional pharmaceutical spam emails (image 1) and contain a link to the Web site 2tag.nl. This is a legitimate Web service that allows users to create QR codes for URLs. Once the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, along with the full URL that the QR code resolves to on the right (image 2). When the QR code is read by a QR reader, it automatically loads the spam URL (or asks before loading, depending on which flavor of QR reader you have installed) (images 3 and 4).
Websense customers have been protected against this attack with ACE, our Advanced Classification Engine.
Image 1 – An example spam email message:
Image 2 – When the URL is loaded in the browser, a QR code appears:
Image 3 – Scanning the QR code with a QR reader loads the pharmaceutical spam URL in the browser:
Image 4 – The loaded URL offers pharmaceutical drugs:
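Because the link in the message points at a legitimate QR service rather than at the spam site, a mail filter has to recognise the intermediary and classify the destination behind it. The sketch below is an added example, not Websense code: it pulls links out of a message and flags those hosted on a QR generator. The host list, function names and sample message are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# 2tag.nl is the QR service named in the post; the set itself is an assumed,
# locally maintained list of QR-code generator hosts.
QR_SERVICE_HOSTS = {"2tag.nl"}
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample message (addresses, path and text are made up).
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: Best prices
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Order now: <a href="http://2tag.nl/EXAMPLE">click here</a></p>
<p>Unsubscribe: http://example.com/unsub</p></body></html>
"""

def extract_urls(raw_message):
    """Return every http(s) URL in the text/plain and text/html parts."""
    msg = message_from_string(raw_message, policy=default)
    urls = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    return urls

def is_qr_service(url):
    """True if the URL's host is a listed QR service or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    return any(host == h or host.endswith("." + h) for h in QR_SERVICE_HOSTS)

def qr_intermediary_links(raw_message):
    """Links that point at a QR service rather than at the final destination."""
    return [u for u in extract_urls(raw_message) if is_qr_service(u)]

if __name__ == "__main__":
    for link in qr_intermediary_links(SAMPLE):
        print("QR intermediary link, classify its destination:", link)
```

The host comparison matches the listed domain and its subdomains only, so lookalikes such as `2tag.nl.example.com` are not treated as the QR service.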