Review: A Taxonomy of JavaScript Redirection Spam

Authors: Kumar Chellapilla, Alexey Maykov
Year: 2007
Published in: Proceedings of the 3rd international workshop on Adversarial information retrieval on the web
Link: http://airweb.cse.lehigh.edu/2007/papers/paper_115.pdf
Importance: High

Abstract

Redirection spam presents a web page with false content to a crawler for indexing, but automatically redirects the browser to a different web page. Redirection is usually immediate (on page load) but may also be triggered by a timer or a harmless user event such as a mouse move. JavaScript redirection is the most notorious of redirection techniques and is hard to detect as many of the prevalent crawlers are script-agnostic. In this paper, we study common JavaScript redirection spam techniques on the web. Our findings indicate that obfuscation techniques are very prevalent among JavaScript redirection spam pages. These obfuscation techniques limit the effectiveness of static analysis and static feature based systems. Based on our findings, we recommend a robust counter measure using a light weight JavaScript parser and engine.

My Review

This paper only demonestrate the problem of redirect spam without any solutions. Authors categoriez redirection spam into 3 categories:

  1. HTTP status code
  2. META refresh
  3. Javascript

They mentioned that finding type 1 and 2 is very simple. But few works has been done on type 3.

They used blog spot as their data set and try to find amount of type 3 redirection spam.

The main problem of type 3 redirection spams back to nature of javascript. by using varioty techinques spammers can hide their redirection page. (e.g. one can encrpyt redirection script).

Suggestion

As paper suggestion, there are other category of redirection. such as server side redirection. so future study in thies area would be intrested.

server side

Advertisements

2 Responses to Review: A Taxonomy of JavaScript Redirection Spam

  1. Mark says:

    I do not see in the document any effective methods or techniques to counter the redirection spam. As long as the authors of popular browsers, insist, on having active content enabled with the installation of the browser packages spammers will be very happy. The pdf article, just touches the surface of the active content potential abuses. Combinations that can be applied with jscripts are only limited by the spammer’s imagination.

  2. Pedi says:

    Yes of course. This paper is just problem statment paper not solution. In other work such

    Characterizing Web Spam Using Content and HTTP Session Analysis
    Authors: Steve Webb, James Caverlee, Calton Pu
    Year: 2007
    http://debii.curtin.edu.au/~pedram/research/1-webspam/24-review-characterizing-web-spam-using-content-and-http-session-analysis.html

    you can find some solutions for Redirection spam:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: