Spammers continue to take advantage of the Internet tools and applications Google provides for free. In the past we have encountered spammers abusing Google Group Pages, Google Maps, Google Search, and Google Docs to host spam content. Recently spammers have started using Google Translate. Google Translate is an excellent tool that enables users to translate any text, Web page, or document, and convert the native text to the specified language requested.
With recent medication spam offer attacks, spammers have discovered a way to exploit the use of Google Translate. Here is one example:
Below is an example to help illustrate the spammer’s technique:
<=a href=3D"http://www.att.net/s/context.dll?id=3D135&type=3Dclickthru&name=
=3Dwebdirectory.sortbycategories.att.dating&redirecturl=3Dhttp://google.co.=
uk/translate?u=3Dwww.ipanel.tv/images/news/news.htm">
In the example below, if the email recipient clicks on the hyperlink it will redirect to Google Translate, which inserts the hijacked domain:
While Google Translate tries to convert the website, it is unable to do so since the domain that is inserted is a redirect URL path that will take you to the spammer’s intended spam domain:
The main reason for spammers utilizing this technique is to try and bypass spam filters. The spammers’ use of Google Translate and hijacked URL domains in the message body makes it difficult for anti-spam companies to filter or detect URLs as potential spam.
Blog contributors: Ching-Yu Hsu and Hitomi Lin