Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    Nov7
    1:04 am (UTC-7)   |    by

    Trend Micro security researchers found spam messages containing links that try to look innocuous by starting off with http://google.com/search{some string}btn{some string}. Links like these seem credible — after all, who doesn’t trust Google? Users may be led to believe these links are harmless. However, instead of returning a list of search results, these links directly open a site. This spam message, for instance, entices the receiver to download a casino game:

    {sample spam link using Google’s “I’m Feeling Lucky” button}

    The incriminating string here is “btn,” the equivalent of clicking the I’m Feeling Lucky button found on Google’s search page. Using this button, Google redirects the user to the first Web page it had ranked as most relevant to the provided search query, instead of displaying the usual search listing.

    Malware authors just need to make sure that their site gets first base on Google rankings.

    Google and other unofficial “cheat sheets” document the array of advanced search functionalities built into the search engine. However, these functionalities may also be used by spammers to inject credibility into their spamming attempts.

    Luckily for users, Trend Micro Web threat protection technology is able to block malicious content on Web pages, proactively breaking the infection chain before infection can take place. Still, users are advised against clicking links offered in spammed messages, even if they look trustworthy enough.

    You might just get “lucky” yourself.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice