A new (well, to me) spam vector: google.com

This is, I must say, very clever. In my latest round of inbound spam, I’ve noticed that some senders have begun sending valid links to http://google.com/ in their messages. The technique they’re using is to obfuscate a target URL inside a Google “I’m feeling lucky” query: this means that the domain near the left of the URL really is google.com and doesn’t need to be faked, but it immediately reroutes a click to the spammer’s target, which is difficult to read due to some escaping. This is a cute social engineering attack, riding on Google’s brand and domain name to gull the unwary into clicking.

An obvious variant of this technique would be to seed a link farm with statistically improbable phrases, such that an “I’m feeling lucky” search for some innocuous but unlikely term, e.g. “woozy numbat playing kazoo”, would end up with a spammer’s site advertising something rather less wholesome as the number one hit. A spammer could even extend the use of SIPs to provide a canary trap to validate email addresses:if the inbound search term is “feral pet smells linux”, and we only sent that combination to user@domain.com, then the address must be valid.

Posted in web
4 comments on “A new (well, to me) spam vector: google.com
  1. Tên dự án: TTTM và Căn hộ cao cấp Oriental Plaza.

  2. For hottest information you have to visit internet and on internet I found this site as a most excellent website for most up-to-date updates.

  3. What i don’t understood is in fact how you’re not actually much more neatly-appreciated than you may be right now.
    You’re very intelligent. You recognize thus considerably in relation to this topic, produced
    me for my part consider it from so many numerous angles. Its like women and men don’t
    seem to be involved except it is something to do with Girl gaga!
    Your own stuffs excellent. Always take care of it

  4. smart IPTV says:

    I adore the different shades.

Leave a Reply

Your email address will not be published. Required fields are marked *