cancel
Showing results for 
Search instead for 
Did you mean: 

SPAM - Using Google Advanced Search to hide malicious URLs

Spam filters often check email for MIME compliancy, plus they evaluate URLs embedded in the message itself. Symantec and Sunbelt are reporting a new tatic used by spammers where they emulate the "I'm feeling lucky" button in a Google search to embed their own website into Google's advanced search format To the email spam filter, it may appear to be a safe Google based URL, but instead it points to the spam website, which may even contain adware or spyware agents

Always, be careful with email and avoid clicking on attachments or URLs when they appear to be suspicious. Otherwise "bad luck" may occur if you avoid this cautious approach :eek:


SPAM - Using Google Advanced Search to hide malicious URLs
http://sunbeltblog.blogspot.com/2007/11/ingenious-new-method-used-by-spammers.html
http://www.symantec.com/enterprise/security_response/weblog/2007/11/googles_advanced_search_operat.h...


 

Feeling lucky?

Here’s what the spammer did to pull off this little magic trick:

1. The spammer devised a query string which yielded only his or her URL as result of an advanced Google search.

2. The spammer then simulated the click of the "I'm Feeling Lucky" button (notice the '&btnl=' at the end of the above URL) that will take you to the URL of the first result that comes up for the entered search query.

Example of manipulating Google's "I feel lucky" search:
http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/JS_gogspam2_lrg.html


3. Lastly, the spammer packed this URL into a regular email and sent it out to evade spam filters.