Video Screencast Help
Security Response

More Spammer Abuse for Google's Services

Created: 24 Aug 2009 22:32:14 GMT • Updated: 23 Jan 2014 18:33:09 GMT
Robert Vivas's picture
0 0 Votes
Login to vote

Spammers continue to take advantage of the Internet tools and applications Google provides for free. In the past we have encountered spammers abusing Google Group Pages, Google Maps, Google Search, and Google Docs to host spam content. Recently spammers have started using Google Translate. Google Translate is an excellent tool that enables users to translate any text, Web page, or document, and convert the native text to the specified language requested.

With recent medication spam offer attacks, spammers have discovered a way to exploit the use of Google Translate. Here is one example:

  1. Hijacked URL directory space from a legit domain. In this example they used www.ipanel.tv with the directory path www.ipanel.tv/images/news/news.htm to use as a redirect to host the intended spam domain www.pilllovefast.com
  2. Utilized Google Translate as a vehicle to obtain this URL: http://www.google.co.uk/translate?u=www.ipanel.tv/images/news/news.htm
  3. Take the Google Translate URL and embed the URL in HTML encoding into the body of the message

 Below is an example to help illustrate the spammer’s technique:
 

imagebrowser image

Below is the exposed HTML embedded URL found in the message:

 

<=a href=3D"http://www.att.net/s/context.dll?id=3D135&type=3Dclickthru&name=

=3Dwebdirectory.sortbycategories.att.dating&redirecturl=3Dhttp://google.co.=

uk/translate?u=3Dwww.ipanel.tv/images/news/news.htm">


In the example below, if the email recipient clicks on the hyperlink it will redirect to Google Translate, which inserts the hijacked domain:

imagebrowser image

While Google Translate tries to convert the website, it is unable to do so since the domain that is inserted is a redirect URL path that will take you to the spammer’s intended spam domain:

imagebrowser image

The main reason for spammers utilizing this technique is to try and bypass spam filters. The spammers’ use of Google Translate and hijacked URL domains in the message body makes it difficult for anti-spam companies to filter or detect URLs as potential spam.


Blog contributors: Ching-Yu Hsu and Hitomi Lin