Cenzic 232 Patent
Paid Advertising
web application security lab

Google Blind Redirects Strike Again

Checking through my logs today I found that someone was linking to my mailto: popup crash script. After checking the page out, I couldn’t find a single link to my site. Only a link to Google. Suspicious, I checked out where it was sending the consumer to: http://www.google.com/search?btnI=q&q=ha+-haha+mixed-bag-of+laughs+certaily (don’t click on that unless you want your computer to start spiraling out of control).

The words “ha” “laughs” “mixed bag” and “certainly” appear on the page. Because of the btnI=q it automatically redirects to the page in question to maliciously make people go to places they didn’t intend to go. This is pretty much exactly the use case I am worried about. Consumers have no idea that “ha+-haha+mixed-bag-of+laughs+certainly” is going to crash their computer. Nor would they understand if that were to give them a virus, or steal their bank account, etc… And yet this known hole is not yet fixed a year after first being reported….

3 Responses to “Google Blind Redirects Strike Again”

  1. Colin Newcomer Says:

    I was an idiot and clicked on the link on another forum. I noticed it ran some type of .exe file. Do you have any idea what that file does? The only thing I remember about it is that it started with an “m”

  2. Jungsonn Says:

    Sheesh… That’s real bad, I also forgot about about that re-directing issue on Google.

    @Colin
    But if it runs an executable you must confirm it to run right? or am I missing something?

  3. Tadeh Says:

    I got a similar link in gmail.
    The worst part is that It goes in Inbox folder, not Spam folder !!!

    http://www.google.com/search?hl=en&q=buyreplicaonline+Replica+Grades+Co+Jacob+Designer+Replica+panerai&btnI=z6YmB5UvBLcUIn