Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    1:04 am (UTC-7)   |    by

    Trend Micro security researchers found spam messages containing links that try to look innocuous by starting off with{some string}btn{some string}. Links like these seem credible — after all, who doesn’t trust Google? Users may be led to believe these links are harmless. However, instead of returning a list of search results, these links directly open a site. This spam message, for instance, entices the receiver to download a casino game:

    {sample spam link using Google’s “I’m Feeling Lucky” button}

    The incriminating string here is “btn,” the equivalent of clicking the I’m Feeling Lucky button found on Google’s search page. Using this button, Google redirects the user to the first Web page it had ranked as most relevant to the provided search query, instead of displaying the usual search listing.

    Malware authors just need to make sure that their site gets first base on Google rankings.

    Google and other unofficial “cheat sheets” document the array of advanced search functionalities built into the search engine. However, these functionalities may also be used by spammers to inject credibility into their spamming attempts.

    Luckily for users, Trend Micro Web threat protection technology is able to block malicious content on Web pages, proactively breaking the infection chain before infection can take place. Still, users are advised against clicking links offered in spammed messages, even if they look trustworthy enough.

    You might just get “lucky” yourself.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice