Spammers are relying on free web services that let net users upload files in a bid to stump anti-spam programs, says MessageLabs.
According to the security vendor services such as photo-hosting site ImageShack, which lets people upload different types of photo formats, including Flash files, are being commandeered by spammers.
Flash files, which have the extension '.swf', can be used for animated graphics and can also be used to automatically redirect people to other websites. That feature can be abused said Paul Wood, a senior analyst with MessageLabs.
The attack involving ImageShack works like this: Spammers upload a Flash file then copy the link for that file, which comes from ImageShack's domain, in a spam message. If the link is followed, the Flash file redirects the victim to a spam site, Wood said.
The technique offers an advantage for spammers. Antispam software will often scan links in email and block those with suspicious-looking ones. But ImageShack's domain is considered to have a good reputation, so messages won't be blocked.
"If you start blocking on domain name only, you can incur a lot of collateral damage," Wood said.
Another more dangerous variation on this theme is a spam email promoting a video. If the link is clicked, a Flash file redirects the victim to a site where a pop-up window immediately implores the user to download a codec supposedly needed to play the video file. Invariably, the file isn't a codec but some piece of malicious software.
Even if the spam link in the email appears to be okay, there are many other ways to tell if a message is spam.
The header or batch of information that shows where an email came from and the path it followed, can be used to tell if it came from a domain that has been prone to abuse and subsequently blocked, Wood said.
Google's Picasa photo service and Yahoo's Flickr don't allow Flash files. But that hasn't exempted Picasa from abuse. Spammers use Picasa to host images, which are then incorporated into spam messages, Wood said.
Again, spammers are piggy backing on Google's good reputation. Images that are hosted on less reputable services or domains have a greater chance of being automatically blocked by security programs.
MessageLabs has also seen a similar type of abuse of Microsoft's Windows Live SkyDrive, which is an online file storage service, Wood said.
The scenario is almost the same: the link is connected with a file on SkyDrive, but then the link performs an HTML redirect to a dodgy site. SkyDrive also allows Flash files to be uploaded, offering another possible way to attack.