
Googlewhack trick used to slip junk mail past spam filters

Daniel Fleshbourne   on 06 November 2007 - 10:45 · 8 comments & 6201 views

Advanced features in Google's search engine are being used by spammers to disguise the URLs of spamvertised sites. Hackers have been using Google search functions to hunt for vulnerabilities. Now their peers in the junk mail business are getting into the act, Symantec reports.

Google supports a variety of advanced query words that are capable of narrowing the scope of a search. Spammers have latched onto this functionality as a means to direct an end user to a URL advertising their products or services, without directly pointing at a site. The approach, as with so many in the field of spamming, is designed to bypass junk mail filters. Symantec discovered the technique after finding spam emails containing a URL that, on casual inspection, resembled a "Google search results" link. However, when clicked, the URL directs surfers to a site selling replicas of expensive watches, pens, and jewelry.

View: The full story @ The Reg
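
A mail filter can still catch these links by inspecting the query string instead of the host name. The following is an added example, not code from the article or from Symantec: it flags Google search links that carry the `btnI` parameter seen in the example link in the comments below. The host list, the function name and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts to treat as Google search; extend with country domains as needed.
GOOGLE_HOSTS = {"google.com", "www.google.com"}
# Matches http(s) links and bare "www." links, as both forms appear in mail bodies.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"'\[\]]+", re.I)


def find_lucky_redirects(body):
    """Return [(url, search_terms)] for Google search links carrying btnI."""
    hits = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")  # drop sentence punctuation glued to the link
        has_scheme = url.lower().startswith(("http://", "https://"))
        parts = urlsplit(url if has_scheme else "http://" + url)
        if (parts.hostname or "").lower() not in GOOGLE_HOSTS:
            continue
        if parts.path.rstrip("/") != "/search":
            continue
        # Parameter names are compared case-insensitively to be lenient.
        params = {k.lower(): v for k, v in
                  parse_qs(parts.query, keep_blank_values=True).items()}
        if "btni" in params:
            hits.append((url, params.get("q", [""])[0]))
    return hits


# Constructed sample message; the third line holds the link quoted in the comments.
SAMPLE = """Luxury watches at 90% off!
Ordinary search: http://www.google.com/search?q=replica+watches
Click: www.google.com/search?q=unobtrusive+DX2300+portsmouth&btnI=Google+Search
Unrelated: http://example.com/search?q=x&btnI=1
"""

if __name__ == "__main__":
    for url, terms in find_lucky_redirects(SAMPLE):
        print("redirecting search link:", url, "| terms:", terms)
```

The ordinary search link and the non-Google host are ignored; only the link that would redirect straight to a result page is reported, together with the search terms a content filter would otherwise never see as a destination.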

(1 reply) #1 vetmarkjensen on 06 Nov 2007 - 14:22
Kind of like how this Google link
[google]http://www.google.com/search?q=unobtrusive+DX23...I=Google+Search[/google]
Takes you to Neobond's blog.

Sneaky.

EDIT: Is the linking system not working right? Here it is without the forum auto-url-ing
www.google.com/search?q=unobtrusive+DX2300+portsmouth&btnI=Google+Search

Last edited by markjensen on 06 Nov 2007 - 14:35
#1.1 eikonoklastes on 07 Nov 2007 - 07:57
Wow. That's sneaky and scary. The 'I'm Feeling Lucky' button has to go.
(2 replies) #2 shhac on 06 Nov 2007 - 16:01
Google could easily stop innocent people falling into this by making their redirect only work if the referrer is from a Google search page.
#2.1 JoeC on 06 Nov 2007 - 17:15
I don't use Gmail myself, but is there not a Google search box on the page somewhere?
#2.2 vetmarkjensen on 06 Nov 2007 - 17:23
Quote - (JoeC said @ #2.1)
I don't use Gmail myself, but is there not a Google search box on the page somewhere?
It's not about Gmail. It is about how a link for a google.com address (from any spammer through a Yahoo or MSN or any other email account) can be set up to auto-direct on arbitrary and possibly unrelated terms to the content of the page.

My example above uses the words "unobtrusive", "DX2300" and "Portsmouth" in the link, and can be used to spam Steve's blog page, even if you filter out things like "blog", "Neobond", "Steve" and "Neowin".
#3 n_K on 06 Nov 2007 - 18:15
Maybe just me, but I've been getting the Google spam for over 2 weeks now... They search using quotes for everything on the page, and send the `I'm Feeling Lucky` button link in all emails.
#4 Examinus on 06 Nov 2007 - 18:28
Spamvertised?
#5 Julius Caro on 06 Nov 2007 - 19:59
"Symantec" reports
