Loophole in Google’s AdSense solved, but new flaw quickly uncovered.
The good name of web giant Google continues to be a popular source of legitimacy among spammers, despite their efforts to shut down loopholes open to abuse.
Last month, Google fixed an open redirect in its AdSense ad serving program. The open redirect had become popular with spammers trying to lure users into clicking their links, as they could be made to look like safe URLs within Google’s domain. Of course, in the best of cases these links redirected to a spamvertising website, but more commonly, and more dangerously, they took victims to sites pushing drive-by downloads of malware. In either case, as they resided on the popular Google domain, the URLs were unlikely to be blacklisted.
With the loophole closed for only a few weeks, spammers have quickly found themselves another open redirect to stealthily push their malicious websites. This redirect resides on the domain of ad-serving firm DoubleClick, a company that was, coincidentally, acquired by Google earlier this year. It is believed that DoubleClick is aware of the open redirect.
More at Sunbelt’s blog here and at the Spammers’ Compendium here.
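The article notes that redirect links hosted on a trusted domain were unlikely to be blacklisted. The following added example (not from the original article, and not Google's or DoubleClick's code) shows how a URL filter can extract the destination carried inside such a link and check that host too; the hosts, the `dest` parameter name and the blocklist are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # targets may be percent-encoded more than once

def host_of(url):
    """Lower-cased hostname of url, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def embedded_hosts(url):
    """Hosts of absolute URLs carried in url's path, query or fragment."""
    parts = urlsplit(url)
    outer = host_of(url)
    values = [parts.path, parts.fragment]
    values += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    found = []
    for value in values:
        for _ in range(MAX_DECODE_ROUNDS):
            for match in URL_RE.findall(value):
                host = host_of(match)
                if host and host != outer and host not in found:
                    found.append(host)
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return found

def verdict(url, blocklist):
    """'block' if the visible host or any embedded destination is listed."""
    hosts = [host_of(url)] + embedded_hosts(url)
    return "block" if any(h in blocklist for h in hosts) else "allow"

# Constructed samples: hosts and parameter names are placeholders.
BLOCKLIST = {"malware.example"}
SAMPLES = [
    "http://ads.trusted.example/click?id=42&dest=http%3A%2F%2Fmalware.example%2Fpromo",
    "http://ads.trusted.example/click?id=42&dest=http%253A%252F%252Fmalware.example%252F",
    "http://ads.trusted.example/about?lang=en",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdict(sample, BLOCKLIST), embedded_hosts(sample), sample)
```

A filter that looks only at the visible host would allow all three samples; this one blocks the first two because the embedded destination is listed.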
Posted on 03 June 2008 by Virus Bulletin