Adhost Blog
24/7/365 Support
1-888-323-4678
support@adhost.com
Spammers using Google to hotlink to phishing sites
Posted in IndustryThe Internet Storm Center recently reported on how spammers are now using Google’s “I’m Feeling Lucky” feature to redirect phishing links, in an effort to mask their trails.
Systems administrators at Adhost actually reported the first uses of this technique nearly two months before ISC’s report, which was reported to them through their submission forms and also was passed around to other administrators.
This might be interesting – we’ve gotten spam that is using Google’s “I’m Getting Lucky” feature to essentially do a referral bounce using Google!
Here’s the link from the spam, a typical “mortgage refinancing” spam otherwise:
http://www.google.com/search?hl=en&q=earthmortgage123+As+
direct+lender+Earth+Mortgage+eliminated+high-commissioned+
Employment+Opportunities&btnI=gndo1The key is the “&btnI=gndo1″ at the end – what this does is trigger the “I’m Getting Lucky” button from their front page, which automatically sends you to the first hit on the search. Therefore, if you go to that link, you go to Google, which does the search that only gets one hit – the spammer’s page – and then via I’m Getting Lucky, you unluckily get sent right to their site.
This is just one example of how Adhost systems administrators and engineers are constantly working to detect, diagnose and protect systems against several attack vectors online, from phishing attacks, to spam, to denial of service attacks, and more!
posted by Mike Sweetser 2:34 pm September 21, 2007permalink | digg this | technorati