Checking through my logs today, I found that someone was linking to my mailto: popup crash script. After checking the page out, I couldn’t find a single link to my site, only a link to Google. Suspicious, I checked where it was sending the consumer: http://www.google.com/search?btnI=q&q=ha+-haha+mixed-bag-of+laughs+certaily (don’t click on that unless you want your computer to start spiraling out of control).
The words “ha”, “laughs”, “mixed bag” and “certainly” appear on the page. Because of the btnI=q parameter, Google does not show a results page for that search but automatically redirects to the page in question, so the link can be used to maliciously send people to places they didn’t intend to go. This is pretty much exactly the use case I am worried about. Consumers have no idea that “ha+-haha+mixed-bag-of+laughs+certainly” is going to crash their computer. Nor would they understand if it were to give them a virus, or steal their bank account, etc. And yet this known hole is still not fixed a year after first being reported…
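One way to flag links of this shape in a page or in user-submitted content before anyone clicks them. This is an added example, not code from the original post; the function names and the sample HTML are constructed, and it assumes only google.com and its subdomains need to be matched.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs


def lucky_redirect(url):
    """Return the search terms if url is a Google search link carrying btnI, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return None
    # Assumption: only google.com and its subdomains; country domains are not covered.
    if host != "google.com" and not host.endswith(".google.com"):
        return None
    if parts.path.rstrip("/") != "/search":
        return None
    # keep_blank_values so that "btnI=" and a bare "btnI" are still seen.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "btnI" not in params:
        return None
    return " ".join(params.get("q", [""])[0].split())


class _LinkCollector(HTMLParser):
    """Collects href values from anchor tags; entities such as &amp; are decoded."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def find_lucky_links(html):
    """Return (href, search terms) for every anchor that auto-redirects through Google."""
    collector = _LinkCollector()
    collector.feed(html)
    checked = ((href, lucky_redirect(href)) for href in collector.hrefs)
    return [(href, terms) for href, terms in checked if terms is not None]


# Constructed sample page, not taken from the original post.
SAMPLE_HTML = """
<p><a href="http://www.google.com/search?q=example+search">plain search</a></p>
<p><a href="http://www.google.com/search?btnI=q&amp;q=constructed+example+terms">Google</a></p>
<p><a href="http://www.google.com.example.net/search?btnI=1&amp;q=x">lookalike host</a></p>
"""

if __name__ == "__main__":
    for href, terms in find_lucky_links(SAMPLE_HTML):
        print(f"auto-redirecting search link: {href} (terms: {terms!r})")
```

A hit means the link text and the visible hostname say "Google" while the destination is whatever page ranks first for the listed terms, so the terms are the thing to review.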