Spammers turn to DoubleClick for open redirect

Loophole in Google's AdSense solved, but new flaw quickly uncovered.

The good name of web giant Google continues to be a popular source of legitimacy among spammers, despite the company's efforts to shut down loopholes open to abuse.


Last month, Google fixed an open redirect in its AdSense ad serving program. The open redirect had become popular with spammers trying to lure users into clicking their links, as the links could be made to look like safe URLs within Google's domain. In the best of cases these links redirected to a spamvertising website, but more commonly, and more dangerously, they took victims to sites pushing drive-by downloads of malware. In either case, as they resided on the popular Google domain, the URLs were unlikely to be blacklisted.

With the loophole closed only a few weeks, spammers have quickly found themselves another open redirect to stealthily push their malicious websites. This redirect resides on the domain of ad-serving firm DoubleClick, a company that was, coincidentally, acquired by Google earlier this year. It is believed that DoubleClick is aware of the open redirect.
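The blacklist evasion described above works because a filter that scores only the outer hostname sees the trusted ad-serving domain. As an added example (not from the original article), this Python code extracts the hosts of URLs nested in a link's path or query and checks those against the blocklist as well; every hostname and URL layout here is a constructed placeholder, not the actual AdSense or DoubleClick format.

```python
import re
from urllib.parse import urlsplit, unquote

# Scheme, optional userinfo, then the hostname (IPv6 literals are not handled).
NESTED = re.compile(r"https?://(?:[^/?#\s@]*@)?([a-z0-9.-]+)", re.I)

def embedded_hosts(url, max_depth=3):
    """Hosts of absolute http(s) URLs nested in the path or query of `url`."""
    parts = urlsplit(url)
    tail = parts.path + ("?" + parts.query if parts.query else "")
    hosts = []
    for _ in range(max_depth):            # peel repeated percent-encoding
        decoded = unquote(tail)
        for match in NESTED.finditer(decoded):
            host = match.group(1).lower().rstrip(".")
            if host and host not in hosts:
                hosts.append(host)
        if decoded == tail:               # nothing left to decode
            break
        tail = decoded
    return hosts

def is_blocked(host, blocklist):
    """True if the host or one of its parent domains is on the blocklist."""
    return any(host == b or host.endswith("." + b) for b in blocklist)

def check_link(url, blocklist):
    """Score the outer host AND every nested destination host."""
    outer = urlsplit(url).hostname or ""
    nested = embedded_hosts(url)
    blocked = [h for h in [outer] + nested if is_blocked(h, blocklist)]
    return {"outer": outer, "embedded": nested, "blocked": blocked}

# Constructed sample data (placeholder hosts, hypothetical parameter names).
BLOCKLIST = {"malware-drop.example"}
SAMPLES = [
    "http://ads.trusted.example/click?dest=http%3A%2F%2Fmalware-drop.example%2Fpayload",
    "http://ads.trusted.example/r/;x=1?http%253A%252F%252Fwww.malware-drop.example%252F",
    "http://ads.trusted.example/click?dest=http%3A%2F%2Fshop.example%2F",
    "http://ads.trusted.example/banner.gif?id=42",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link, BLOCKLIST))
```

A filter using this still needs to follow server-side redirects for destinations that are looked up by an opaque ID rather than carried in the URL.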

More at Sunbelt's blog here and at the Spammers' Compendium here.

03 June 2008

Tags: drive-by download, google, open redirect, spam.

4 comments

DoubleClick is one of my personal irritants with online ad agencies out of dozens. My security suite routinely catches DoubleClick Cookies as malicious. Most Cookies are harmless, but then we have Cookies like those from DoubleClick which track your online usage and habits and they plug this as a "favor" to the user by providing a personalized browsing experience. The reality is that this is Spyware which is used in conjunction with other information gathering methods and tools which are used to compile "profiles" of individuals. These profiles often contain addresses, phone numbers, work place information, spouses, children, and even SS #, bank account information, and the list goes on. This information is then passed along to the highest bidder without regard for what purpose it will be put to. For anyone employing malicious Cookies and other personal data mining techniques to claim it is to "help" the user is ludicrous and preposterous. Sadly, a large number of well known security products do not scan for nor block malicious Cookies. Unless a product has this capability it isn't worth a plug nickel.

by Seree, 05 June 2008, 21:59

Seree, please don't post things if you don't know the facts. Doubleclick doesn't associate your cookie data with personally identifiable information (PII), nor does it sell that data to the highest bidder.

Check out this website: http://cdt.org/ This is a public advocacy group who is on your side.

by I don't work for doubleclick, 09 June 2008, 21:04

Too bad for Google, but I've blocked all their advertising sites.

Which also prevents me from this threat :P

by Rouke, 20 June 2008, 13:06

The safest method is to block all cookies that are not from trusted sites. But who can you trust? Everyone must be assumed to have their price. While that price may be quite high today, circumstances change. Personal debt, or a failing company, may do things they would not otherwise do. Only a fool totally trusts data mining cookies!

by Dick, 20 June 2008, 15:33
