Spammers continue to take advantage of the Internet tools and applications Google provides for free. In the past we have encountered spammers abusing Google Group Pages, Google Maps, Google Search, and Google Docs to host spam content. Recently spammers have started using Google Translate. Google Translate is an excellent tool that enables users to translate any text, Web page, or document into a specified language.
In recent medication spam offer attacks, spammers have discovered a way to abuse Google Translate. Here is one example:
- Hijacked URL directory space on a legitimate domain. In this example they used www.ipanel.tv, with the directory path www.ipanel.tv/images/news/news.htm acting as a redirect to the intended spam domain www.pilllovefast.com
- Utilized Google Translate as a vehicle to obtain this URL: http://www.google.co.uk/translate?u=www.ipanel.tv/images/news/news.htm
- Took the Google Translate URL and embedded it, in HTML encoding, in the body of the message
Below is an example to help illustrate the spammer’s technique:
Below is the exposed HTML embedded URL found in the message:
In the example below, if the email recipient clicks on the hyperlink it will redirect to Google Translate, which inserts the hijacked domain:
While Google Translate tries to convert the website, it is unable to do so since the domain that is inserted is a redirect URL path that will take you to the spammer’s intended spam domain:
Spammers use this technique mainly to try to bypass spam filters. The combination of Google Translate and hijacked URL domains in the message body makes it difficult for anti-spam companies to filter or detect the URLs as potential spam.
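On the filtering side, the wrapped URL can be recovered from the `u=` parameter and scored alongside the visible Google link. The sketch below is an added example, not code from the original post; the host list, the function names and the partially entity-encoded sample message are assumptions constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import urlsplit, parse_qs

# Hosts treated as Google Translate front ends (assumption; extend as needed).
TRANSLATE_HOSTS = {"www.google.co.uk", "www.google.com", "translate.google.com"}
HREF = re.compile(r"""href\s*=\s*["']?([^"'\s>]+)""", re.I)

# Constructed sample: the link from the post with its first character
# written as an HTML numeric entity.
SAMPLE_BODY = (
    '<p>Best prices <a href="&#104;ttp://www.google.co.uk/translate'
    '?u=www.ipanel.tv/images/news/news.htm">here</a></p>'
)

def unwrap_translate(url):
    """Return the URL carried in u=, or None if url is not a Translate link."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    if host not in TRANSLATE_HOSTS or not parts.path.startswith("/translate"):
        return None
    target = parse_qs(parts.query).get("u", [None])[0]
    if not target:
        return None
    # Translate accepts scheme-less targets, so normalise before scoring.
    return target if "://" in target else "http://" + target

def urls_to_score(html_body):
    """List every URL a filter should check: each link plus any wrapped target."""
    found = []
    for raw in HREF.findall(html_body):
        url = unescape(raw)  # undo HTML entity encoding of the href
        found.append(url)
        inner = unwrap_translate(url)
        if inner:
            found.append(inner)
    return found

if __name__ == "__main__":
    for u in urls_to_score(SAMPLE_BODY):
        print(u)
```

The unwrapped URL is the hijacked page, not the final spam domain, so it still has to be checked against URL reputation data or followed to see where the redirect lands.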
Blog contributors: Ching-Yu Hsu and Hitomi Lin