Spammers are using Google members as “human shields” while abusing free resources belonging to Google, according to a new report from Spamhaus, the IP and domain reputation authority.
The spammers deliberately use “legitimate users at Google to prevent blocklists from listing the IP addresses and domains used in this spam,” Spamhaus says in a post published on Thursday.
Google had not responded to a request for comment at deadline.
According to Spamhaus, the free Google resources being abused include:
Spamhaus says SvedsMarketing, the main name used for this spam, has been on the Spamhaus radar for several years.
Spamhaus has compiled a register, or database, of known threats called ROKSO.
However, SvedsMarketing cannot list the sending IP addresses or domains because those belong to Google and “are used by large numbers of innocent, non-spamming users,” Spamhaus writes.
What can legitimate email senders do?
Spam can be filtered using the Spamhaus Hash Blocklist, which is available to customers of Spamhaus Technology corporation. And such spam filters as Rspamd provide internal signature-based protection.
But, Spamhaus notes, most of the tools to block spam sent through providers like Google rely on content filtering, an inherently error-prone process.
Content filtering will “miss spam unless the filters are extremely carefully and aggressively maintained, or will catch legitimate email (cause false positives) if the filters are too aggressive,” Spamhaus writes.
Last month, Validity and Spamhaus formed a partnership to help brands ensure their emails are secure.
In a separate development, Google said on Thursday that hackers have created a new technique for avoiding detection: malformed digital signatures of their malicious payloads.
“Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code — which is used in a number of security scanning products,” Google Threat Analysis Group's Neel Mehta wrote in a Thursday blog post.
Google states that the new mechanism “was observed to be exploited by a notorious family of unwanted software known as OpenSUpdater that's used to download and install other suspicious programs on compromised systems.”
It adds: “Most targets of the campaign are users located in the U.S. who are prone to downloading cracked versions of games and other grey-area software.”