Jitenda Sarda of Symantec's Security Response blog points out that spammers are now masking junk URLs with authentic-looking Google search strings:
Recently, we came across few offer spam mails which had the following URL in it:
http://www.google.com/search?hl=en&q=inurl:replica%20intext:%22Perfect+c...
A first glance, it appeared to be a "Google search results" link and we were expecting it to take us to the search results page. However, when clicked, it automatically redirected to a site selling replicas of expensive watches, pens, and jewelry.
The stunt also involves simulating Google's "Feeling Lucky" button, to make sure that when someone clicks the URL they go to precisely the site that the spammer wants.
The blogger ShoeMoney noticed the tactic earlier this week, and suggests it opens the door to even more ways to exploit the search engine. "So Google is passing a 302 redirect for this link. But its also dropping the full Google Cookie. . . I gotta ask myself besides fooling search engines what other bonuses could there be for exploiting this flaw in the Google search string."
Plenty, as the blogger then describes.
At a time when Google is moving at break-neck speed into social networking, and the cell phone business, Symantec is pointing out what's at least a minor exploit in the company's core business.
