Review: A Taxonomy of JavaScript Redirection Spam

Authors: Kumar Chellapilla, Alexey Maykov

Year: 2007

Published in: Proceedings of the 3rd international workshop on Adversarial information retrieval on the web

Link: http://airweb.cse.lehigh.edu/2007/papers/paper_115.pdf

Importance: High

Abstract

Redirection spam presents a web page with false content to a crawler for indexing, but automatically redirects the browser to a different web page. Redirection is usually immediate (on page load) but may also be triggered by a timer or a harmless user event such as a mouse move. JavaScript redirection is the most notorious of redirection techniques and is hard to detect as many of the prevalent crawlers are script-agnostic. In this paper, we study common JavaScript redirection spam techniques on the web. Our findings indicate that obfuscation techniques are very prevalent among JavaScript redirection spam pages. These obfuscation techniques limit the effectiveness of static analysis and static feature based systems. Based on our findings, we recommend a robust counter measure using a light weight JavaScript parser and engine.

My Review

This paper only demonestrate the problem of redirect spam without any solutions. Authors categoriez redirection spam into 3 categories:

1. HTTP status code
2. META refresh
3. Javascript

They mentioned that finding type 1 and 2 is very simple. But few works has been done on type 3.

They used blog spot as their data set and try to find amount of type 3 redirection spam.

The main problem of type 3 redirection spams back to nature of javascript. by using varioty techinques spammers can hide their redirection page. (e.g. one can encrpyt redirection script).

Suggestion

As paper suggestion, there are other category of redirection. such as server side redirection. so future study in thies area would be intrested.

server side