We reported few days ago about a new spam campaign that abuses open-redirect vulnerability in popular websites including CNN, Yahoo and Ask.com.
Today, Security researcher Janne Ahlberg discovered another spam campaign that abuses the google search to spread the scam websites.
"check google hxxx://www.google.com/search?q=17 Pounds site:theconsumerhealth.com&wjuyoqlvxz … and learn the right way to reduce 20 lbs in less than 29 days" One of the spam tweet reads.
"see google hxxx://www.google.com/search?q=%43%6C%65%61%6E%73%65%20%73%69%74%65%3A%74%68%65%63%6F%6E%73%75%6D%65%72%68%65%61%6C%74%68%2E%63%6F%6D&dkjgosnihm … and find out the best way to lose 22 lbs within just 29 days" another tweet reads.
"lol already lost 4 pounds in 5 days!! that web page I found at google hxxx://www.google.com/search?q=Burns site:theconsumerhealth.com&yfmnqzfvpr … is truly beneficial"
Unlike the previous spam campaigns, cybercriminals lure victims to visit their site by tricking them to look at the Google search. The spammers cleverly used the "site:" keyword to restrict the results to the specified domain.
"site:" is keyword to search only in a particular site and list all the results for that site. For eg: "spam site:ehackingnews.com" will find pages about spam within ehackingnews.com
So, when a victim follows the link, he is only going to see the results from the spammers website. The technique helps cyber criminals to bypass the malicious URL filtering.