0 Replies Latest reply on Nov 6, 2007 12:24 PM by HarryWaldron

    SPAM - Using Google Advanced Search to hide malicious URLs

      Spam filters often check email for MIME compliancy, plus they evaluate URLs embedded in the message itself. Symantec and Sunbelt are reporting a new tatic used by spammers where they emulate the "I'm feeling lucky" button in a Google search to embed their own website into Google's advanced search format To the email spam filter, it may appear to be a safe Google based URL, but instead it points to the spam website, which may even contain adware or spyware agents

      Always, be careful with email and avoid clicking on attachments or URLs when they appear to be suspicious. Otherwise "bad luck" may occur if you avoid this cautious approach :eek:

      SPAM - Using Google Advanced Search to hide malicious URLs
      http://sunbeltblog.blogspot.com/2007/11/ingenious-new-method-used-by-spammers.ht ml
      http://www.symantec.com/enterprise/security_response/weblog/2007/11/googles_adva nced_search_operat.html


      [FONT=Arial][COLOR=#6600ff][B]Feeling lucky?

      Here’s what the spammer did to pull off this little magic trick:

      1. The spammer devised a query string which yielded only his or her URL as result of an advanced Google search.

      2. The spammer then simulated the click of the "I'm Feeling Lucky" button (notice the '&btnl=' at the end of the above URL) that will take you to the URL of the first result that comes up for the entered search query.

      Example of manipulating Google's "I feel lucky" search:
      http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/JS_go gspam2_lrg.html

      3. Lastly, the spammer packed this URL into a regular email and sent it out to evade spam filters.