Googlewhack trick used to slip junk mail past spam filters

Advanced features in Google's search engine are being used by spammers to disguise the URLs of spamvertised sites. Hackers have been using Google search functions to hunt for vulnerabilities. Now their peers in the junk mail business are getting into the act, Symantec reports.

Google supports a variety of advanced query words that are capable of narrowing the scope of a search. Spammers have latched onto this functionality as a means to direct an end user to a URL advertising their products or services, without directly pointing at a site. The approach, as with so many in the field of spamming, is designed to bypass junk mail filters. Symantec came across the technique after coming across spam emails containing a URL that, on casual inspection, resembled a "Google search results" link. However, when clicked, the URL directs surfers to a site selling replicas of expensive watches, pens, and jewelry.

View: The full story @ The Reg

Report a problem with article
Previous Story

Biostar launches motherboard based on AMD 770 chipset

Next Story

IBM bets on Power 6, AIX and virtualisation trinity

8 Comments

Commenting is disabled on this article.

maybe just me, but i've been getting the google spam for over 2 weeks now... they search using quotes for everything on the page, and send the `Im Feeling Lucky` button link in all emails

google could easily stop innocent people falling into this by making their redirect only work if the referrer is from a google search page.

JoeC said,
I don't use Gmail myself, but is there not a Google search box on the page somewhere?
It's not about gmail. It is about how a link for a google.com address (from any spammer through a Yahoo or MSN or any other email account) can be set up to auto-direct on arbitrary and possibly unrelated terms to the content of the page.

My example above uses the words "unobtrusive", "DX2300" and "Portsmouth" in the link, and can be used to spam Steve's blog page, even if you filter out things like "blog", "Neobond", "Steve" and "Neowin".

Kind of like how this google link
[google]http://www.google.com/search?q=unobtrusive+DX23...I=Google+Search[/google]
Takes you to Neobonds blog.

Sneaky.

EDIT: Is the linking system not working right? Here it is without the forum auto-url-ing
www.google.com/search?q=unobtrusive+DX2300+portsmouth&btnI=Google+Search