A new (well, to me) spam vector: google.com

This is, I must say, very clever. In my latest round of inbound spam, I’ve noticed that some senders have begun sending valid links to http://google.com/ in their messages. The technique they’re using is to obfuscate a target URL inside a Google “I’m feeling lucky” query: this means that the domain near the left of the URL really is google.com and doesn’t need to be faked, but it immediately reroutes a click to the spammer’s target, which is difficult to read due to some escaping. This is a cute social engineering attack, riding on Google’s brand and domain name to gull the unwary into clicking.

An obvious variant of this technique would be to seed a link farm with statistically improbable phrases, such that an “I’m feeling lucky” search for some innocuous but unlikely term, e.g. “woozy numbat playing kazoo”, would end up with a spammer’s site advertising something rather less wholesome as the number one hit. A spammer could even extend the use of SIPs to provide a canary trap to validate email addresses:if the inbound search term is “feral pet smells linux”, and we only sent that combination to user@domain.com, then the address must be valid.

Posted in web
2 comments on “A new (well, to me) spam vector: google.com
  1. Tên dự án: TTTM và Căn hộ cao cấp Oriental Plaza.

  2. For hottest information you have to visit internet and on internet I found this site as a most excellent website for most up-to-date updates.

Leave a Reply

Your email address will not be published. Required fields are marked *