Achille [PersonRank 2]

Saturday, June 17, 2006
I get a spam message about once a month; I just got one that used an interesting technique:

From: bolsterwinters[put at-character here]
Subject: sufficient
Date: June 17, 2006 6:11:35 PM EDT
To: achille[put at-character here]

Have you ever considered of saving thousands on your health?
If you are already paying hundreds, then you should check Google:

Weldon Chin
Google Service Team

Is this unique?

Philipp Lenssen [PersonRank 10]

16 years ago #

Interesting abuse of the Google brand.

Milly [PersonRank 10]

16 years ago #

Perhaps the important issue is that, unlike (I believe) all current browsers, Google's redirector doesn't employ any anti-phishing safeguards to block or unmask obfuscated URLs.

For example, just entering the obfuscated tail of that URL into IE, Firefox or Opera : %68%74%74%70%3A%2F%2F%77%77%77%2E%67%
%6F%2F%65%67%2E%68%74%6D%6C *wouldn't* navigate to the spammer's page (nor if the http:// and/or www bits are not obfuscated).

[[ you will have to concatenate these lines yourself – Sam]]

But when 'washed' through Google, browsers see the initial valid (Google) domain and so (rightly) think the URL is good, and Google's redirector makes no similar sanity checks of its own.

Maybe you should call upon Google to tighten that up, Philipp?

Google could have their redirector decline to forward to obfuscated URLs. Or it could display an interstitial page showing the original and de-obfuscated URLs as clickable links – like most of the URL shortening services do – so that surfers could choose (and/or be auto-redirected after a short 'no thanks' pause). Hey, they could even put adverts on the display page ...


Oops, looks like I've borked your page formatting :)

(And I don't mean the URL shortening services show de-obfuscated URLs; only that they show an interstitial page. Google could do both, it seems to me).
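
One way a redirector could apply the two safeguards suggested in the post above (decline obfuscated targets, show an interstitial otherwise), as an added example that is not part of the original thread and not any real redirector's code. The function names and the example.com sample URL are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# RFC 3986 section 2.3: these never need percent-encoding, so escaping them
# in a redirect target serves no purpose other than hiding the destination.
UNRESERVED = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def needless_escapes(value):
    """Count %XX escapes that decode to unreserved characters."""
    return sum(1 for h in ESCAPE.findall(value) if chr(int(h, 16)) in UNRESERVED)


def assess_target(raw_q):
    """Decide what a redirector should do with the still-encoded q= value.

    Returns the action plus both forms of the URL, so an interstitial
    page can show the original and the de-obfuscated link side by side.
    """
    target = unquote(raw_q)  # the one decoding layer a query parameter carries
    result = {"original": raw_q, "decoded": target}
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:  # e.g. malformed bracketed host
        parts, host = None, None
    if parts is None or parts.scheme not in ("http", "https") or not host:
        return {**result, "action": "reject", "reason": "not an absolute http(s) URL"}
    if needless_escapes(raw_q) or needless_escapes(target) or "%" in host:
        return {**result, "action": "reject", "reason": "obfuscated target"}
    # Plain-text targets still leave the site, so they get the pause page too.
    return {**result, "action": "interstitial", "reason": "off-site target"}


# Constructed sample: every byte of a placeholder URL percent-encoded.
SAMPLE_PLAIN = "http://www.example.com/eg.html"
SAMPLE_OBFUSCATED = "".join("%%%02X" % b for b in SAMPLE_PLAIN.encode("ascii"))

if __name__ == "__main__":
    for q in (SAMPLE_OBFUSCATED, SAMPLE_PLAIN, "http%3A%2F%2Fwww.example.com%2Feg.html"):
        print(assess_target(q)["action"], "<-", q)
```

Escaping `:` and `/` inside a query value is ordinary encoding and is not flagged; only escapes of characters that never need encoding count as obfuscation.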

Milly [PersonRank 10]

16 years ago #

On a slightly different issue, the spam might also have said :-

If you are already paying hundreds, then you should check Google's Trusted Partners Program :

Weldon Chin
Google Service Team

And anti-obfuscation at the Google redirector wouldn't help much there, since sloppiness in Google's server configuration would (and does) allow the same URL in plain text :-
url?&q=http : //

More details/examples of that quirk here :-

