Trend Micro security researchers found spam messages containing links that try to look innocuous by starting off with http://google.com/search{some string}btn{some string}. Links like these seem credible — after all, who doesn’t trust Google? Users may be led to believe these links are harmless. However, instead of returning a list of search results, these links directly open a site. This spam message, for instance, entices the receiver to download a casino game:

The incriminating string here is “btn,” the equivalent of clicking the I’m Feeling Lucky button found on Google’s search page. With this button, Google redirects the user to the first Web page it has ranked as most relevant to the provided search query, instead of displaying the usual search listing.
Malware authors just need to make sure that their site ranks first on Google for the query used in the link.
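As an added illustration (not part of the original post and not Trend Micro code), the Python below flags links in a message body that fit the pattern described above: a google.com/search URL whose query string carries a parameter name beginning with "btn". The function names and the sample message are constructed for this example, and treating only google.com and www.google.com as Google hosts is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Broad matcher for http(s) URLs in a plain-text message body.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Assumption: only these hosts count; country domains are not covered.
GOOGLE_HOSTS = {"google.com", "www.google.com"}

def lucky_redirect_params(url):
    """Return the btn* query parameter names if url is a Google search
    link carrying a "btn" parameter, otherwise an empty list."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL, nothing to flag
        return []
    # Compare the exact host so google.com.example.net is not trusted.
    if (parts.hostname or "").lower() not in GOOGLE_HOSTS:
        return []
    if parts.path.rstrip("/").lower() != "/search":
        return []
    # keep_blank_values: the parameter may appear without a value.
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    # Prefix match follows the post's description of the "btn" string.
    return [n for n in names if n.lower().startswith("btn")]

def scan_message(body):
    """Return (url, btn_params) for each matching link found in body."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")  # drop trailing sentence punctuation
        params = lucky_redirect_params(url)
        if params:
            hits.append((url, params))
    return hits

# Constructed sample message (not taken from a real spam run).
SAMPLE = (
    "Play now and win big!\n"
    "Download: http://google.com/search?q=example+casino+game&btnI=1\n"
    "Help: http://www.google.com/search?q=unsubscribe\n"
    "Info: http://google.com.example.net/search?q=x&btnI=1.\n"
)

if __name__ == "__main__":
    for url, params in scan_message(SAMPLE):
        print("direct-redirect search link:", url, params)
```

Only the first link in the sample is flagged: the second has no "btn" parameter and the third merely starts with google.com in its host name.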
Google itself and various unofficial “cheat sheets” document the array of advanced search functions built into the search engine. However, spammers can also use these functions to lend credibility to their spam.
Luckily for users, Trend Micro Web threat protection technology is able to block malicious content on Web pages, proactively breaking the infection chain before infection can take place. Still, users are advised against clicking links offered in spammed messages, even if they look trustworthy enough.
You might just get “lucky” yourself.


