SPAM - Using Google Advanced Search to hide malicious URLs
Spam filters often check email for MIME compliancy, plus they evaluate URLs embedded in the message itself. Symantec and Sunbelt are reporting a new tatic used by spammers wherethey emulate the "I'm feeling lucky" button in a Google search to embed their own website into Google's advanced search format To the email spam filter, it may appear to be a safe Google based URL, but instead it points to the spam website, which may even contain adware or spyware agents
Always, be careful with email and avoid clicking on attachments or URLs when they appear to be suspicious. Otherwise "bad luck" may occur if you avoid this cautious approach :eek:
Here’s what the spammer did to pull off this little magic trick:
1. The spammer devised a query string which yielded only his or her URL as result of an advanced Google search.
2. The spammer then simulated the click of the "I'm Feeling Lucky" button (notice the '&btnl=' at the end of the above URL) that will take you to the URL of the first result that comes up for the entered search query.