Spammers send Google links to malware
March 19, 2008
A loophole in Google's website is sending unsuspecting users to malicious websites or executables, according to McAfee Avert Labs.
Spammers are using HTML-formatted email that include a link that appears to point to a Google page, but instead directs users to a site that then tries to install malware on their computer.
The link looks like a link to a Google page ad, which conceals the site's actual URL.
“The alarming thing here is that when a user looks at the URL, it will begin with www.google.com, and people trust it,” Craig Schmugar, threat researcher for McAfee Avert Labs, told SCMagazineUS.com on Tuesday.
Spammers have similarly abused this loophole with sites such as MSN and Yahoo.
This exploit has been happening with Google links for several months – it started with trying to get individuals to click on the spammers' websites – but researchers believe that sending users to malicious sites is a new tactic.
Schmugar said this type of phishing scheme can be difficult for some anti-spam solutions to detect.
“If the spam filter is primitive, it may not be able to pick up a valid Google.com redirect from a malicious one,” he said. “There will have to be a decision then whether to block all Google.com redirects, including the valid ones, which would result in a lot of false positives and the users of the site complaining.”
One way users can protect themselves is to run the mouse over the link.
“Look at the full length of the link before clicking,” Schmugar said. “It may be long, but it will show you exactly where it is sending you.”
A Google spokesperson did not immediately return a request for comment.
Author: Sue Marquette Poremba