NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0342 Google Features Used to Slip Junk Mail Past Spam Filters:
Spammers are using advanced features in Google's search engine to disguise the URLs
of "spamvertised" sites, according to an online press report citing Symantec research.
Google supports a variety of advanced query words that narrow the scope of a search,
which spammers are using to direct an end user to a URL advertising their products or
services without directly pointing at a site. Symantec discovered the technique after
coming across spam emails containing a URL that resembled a "Google search results" link.
However, when clicked, the URL directs surfers to a site selling replicas of expensive
watches, pens, and jewelry. The ploy is effective because the spammers had managed to
make a search query specific to their web site by using an advanced Google search
combining the "inurl" and "intext" operators. The spammers also simulated a user click
on Google's seldom-used "I'm Feeling Lucky" button to take surfers directly to the
first result that comes up for the entered search query. As the spammer has designed
the query to yield only one result - that of the spamvertised site - surfers go directly
to a junk-mail-promoted site when they select what looks like a search result entry.
The technique allows spammers to pump out emails designed to evade junk mail filters,
but the report notes that antispam firms are able to counter the approach.
(www.theregister.co.uk 06NOV07)