Tag Archives: yolasite spam

Google Translate used by spammers to bypass Anti-Spam filters

Google Translate is a free service created by Google that translates any web page, content or document from native language to a language specified by the user that is using the service. We have noticed that some spam messages contain links to websites that use the service Google Translate to translate their page content, but those links are used to promote fraudulent pharmaceutical products, and they seem to use Google Translate to masquerade the malicious website.

In short, when you translate an URL with Google Translate, it appends the URL of the web page in the HTTP query string, but the initial domain name remains translate.googleusercontent.com, so the anti-spam filters may be bypassed because the URL of Google Translate is classified as legitimate.

To get a better idea about what I am talking about, check this image:

translate-google-used-for-spam

We have extracted some URLs from the spam messages and they are all subdomains of yolasite(dot)com, they are used to promote selling of fake pharmaceutical products and subscriptions to fraudulent casino websites:

hxxp:// myonlinestore1. yolasite.com/shop
hxxp:// onlineshop63. yolasite.com/shop
hxxp:// onlinecasino27. yolasite.com/casino2

Never click on links that start with the domain “translate.googleusercontent.com”, because they may use Google Translate to translate a malicious website and exploit vulnerabilities in your web browser or other applications installed in your system (such as Adobe Flash, PDF Readers, Java) to infect your PC.

If you want to translate a website, you should visit directly with your browser the website of Google Translate and type the URL that you want to translate. Avoid clicking on links related to Google Translate, present in emails or in other unknown websites.