Quantcast

Google Advanced Search Spam Poses Threat

Get the WebProNews Newsletter:


[ Search]

A sample of a spam message making the rounds demonstrated how someone used a Google URL, with advanced search operators, to send people to a fake retail site. It could be much worse.

We saw the effect of a spam detected by Symantec, where a link in the junk message resolved properly to Google. The spam link used advanced Google search operators to run an "I’m Feeling Lucky" query on Google.

The spammers crafted the link, its operators, and the destination site in such a way that the link would automatically go to the site. To the observer looking at the link, it appears to be a typical Google search with some extra query language related to the spam’s topic included.

That destination site had been registered at the beginning of October, with contact details that look phony. We’ll be surprised if orders placed through the site do more than grab some cash from the payment method before it vanishes from the web.

MailChannels After we noted this story earlier, David Cawley of MailChannels dropped a note in the inbox. He pointed out how this misuse of Google’s advanced search and the "I’m Feeling Lucky" feature could have been much worse:

The issue is actually more serious than a typical spam redirect. For example, I could craft (a) URL to point to an attachment instead of a website.

Since many Windows users have their PCs configured to automatically open PDF attachments, it’s possible that it may have opened as soon as you click the link.

Cawley’s link did just what he said it would, triggering the launch of Adobe Reader and the opening of the destination PDF. His sample was a benign link to a whitepaper. A malicious link could deliver all kinds of nastiness to an unprotected machine.

Earlier today, we suggested Google may want to revisit their past consideration of doing away with the "I’m Feeling Lucky" link. It’s unique to Google among the major search engines. The feature’s luck may have run out now.

Google Advanced Search Spam Poses Threat


Top Rated White Papers and Resources
  • Bob

    It’s taken them this long to realize that the spammers have been doing this? I saw it happening in spam months ago. I’d have tried to contact Google, but they ignore all complaints about spammers on their system, spammers using Googlepages, spammers with Gmail reply addresses and spammers posting through Google Groups so I just ignored it. Lots of people are saying Google’s got the arrogance Microsoft used to be famous for, and I agree.

    • Spam fighter

      This isn’t a new technique. It’s sad when media jump on some “bandwagon” that’s months old… anyway…

      Here are a couple of useful Google links I have acquired over the few weeks I have been fighting spam:

      Report blogspot.com spam redirects: http://help.blogger.com/?page=contact

      Report Gmail abuse (such as advance-fee fraud not sent through Gmail, but requesting replies to Gmail addresses):
      http://mail.google.com/support/bin/request.py?contact_type=abuse_other

      Report spam originating from within Gmail’s network (spam headers are all from internal gmail sites):
      http://mail.google.com/support/bin/request.py?contact_type=abuse_spoofing

      Report Google search engine-related spam:
      http://www.google.com/contact/spamreport.html

  • Spam Fighter

    Google has a web page that looks like the place to report these URLs, and they will disactivate the URLs so these spammer techniques won’t work. Of course, it’s a never-ending battle (called whack-a-mole) because the spammers will just find another query to try.

    But at least we can all fight them and do our part by reporting the “advanced search spam” urls here:

    http://www.google.com/contact/spamreport.html

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom