Spammers exploiting Google flaw

 

Gallery

By Matthew Sparkes

Posted on 19 Mar 2008 at 11:50

Spammers are tricking users into downloading malware by exploiting a loophole in the way Google handles advertising links, claims McAfee.

The security company has observed spammers using open redirect links to send users to a third party page from a link that appears to point to Google's own website.

"At first we thought Google page ads were being used to conceal the actual URL and subvert traditional anti-spam detection techniques. However, it seems one can change the linked URL to point to any site of your choice - as no validation appears to be done on Google's end," says McAfee Avert Labs researcher, Vinoo Thomas, in a blog post.

The vulnerability works for files as well as sites, so spammers can link directly to an executable which will download directly to the user's computer.

"Although this type of technique is not necessarily new, the problem is that Google is not preventing the redirects to such sites. Google must be aware of this redirect abuse, and it's hard to understand why it doesn't prevent these redirects working for known bad file types or for spam and malware sites," says Vinoo.

Earlier this year a similar tactic was uncovered using Microsoft's SkyDrive service. Spammers were found to be using the service to host sites with a simple redirect to another page that hosts malware. By linking to SkyDrive in spam emails, messages were less likely to be caught by spam filters.

Google says it does close down the malicious redirects. "Malware is a problem for all internet users, not just Google users," says a Google spokesman. "We actively work to protect our users from this kind of activity. When we learn of these types of redirectors, we work to close them, as we are doing in this case."