Friday, December 16, 2011

Look Before You Click! Spammers Abuse Google Open Redirect

Redirecting..It’s becoming more and more crucial that you look before you click.

Spammers are using Google’s open redirect in order to help their emails slide past spam filters and hide the destination website from the recipient.

For those of you who don’t know, an open redirect is a URL that redirects to a second URL. The second URL is visible in the first URL and can be changed to make the redirect point to an arbitrary website.

Here's an example:

Unfortunately not all redirect URLs are that obvious.

Solera Labs shared a redirect URL that shows how spammers are abusing Google open redirect in order to link unsuspecting users to a website that’s serving rogue antivirus software.

Google Open Redirect Example

Upon first glance, the link appears safe due to Google’s domain name. However, once it’s clicked, the user would be redirected to the domain, and then routed to various IP addresses before finally being served scareware by the name of “Fakealert.”

By using a Google open redirect, spammers are able to take advantage of Google's trustworthy reputation in order to bypass spam filters that would otherwise block their email due to links pointing towards blacklisted domains.

Despite the dangers lurking within open redirect, Google has excluded open redirects from their well-known bug bounty program since users can be tricked into clicking a link without the help of a redirect.

That being said, it is imperative that users closely inspect URLs before clicking on them to avoid being redirected to harmful websites.

If you’re wondering whether or not you should follow a link, you may want to run it through a URL scanner first. Here are a few that you can use:

Note: I provided services that can be used without downloading any sort of browser add-on. If you have suggestions, feel free to share them below!

Don’t forget to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news & PC security threats.

No comments:

Post a Comment