Spammers Finding New Ways to Abuse Google

Jitenda Sarda of Symantec's Security Response blog points out that spammers are now masking junk URLs with authentic-looking Google search strings:

The stunt also involves simulating Google's "Feeling Lucky" button, to make sure that when someone clicks the URL they go to precisely the site that the spammer wants.

The blogger ShoeMoney noticed the tactic earlier this week, and suggests it opens the door to even more ways to exploit the search engine. "So Google is passing a 302 redirect for this link. But its also dropping the full Google Cookie. . . I gotta ask myself besides fooling search engines what other bonuses could there be for exploiting this flaw in the Google search string."

Plenty, as the blogger then describes.

At a time when Google is moving at break-neck speed into social networking, and the cell phone business, Symantec is pointing out what's at least a minor exploit in the company's core business.