Spam hosted by Google Notebook

Most of the spam emails circulating these days contain one or two URLs showing a picture and pointing to the spam website. Something like this:
<a href=”http://spam-site.com”><img src=”http://picture-site.com/picture.jpg></a>

Some spams also contain URLs pointing to highly reputable websites like msn.com, Microsoft.com and others. This technique is used to confuse the spam filters by poisoning the spam content. Basically, we have some suspicious URLs (or should I call them malicious?) which can be blacklisted without any problem.

The spammers are, of course, aware of this functionality and have found long time ago different vectors of advertising their URLs: Through various groups (Yahoo, Google, etc.), Blogs, Social Networking sites like Twitter, Google Docs, search engine redirects, and so on.

Another method, which was not so much used until recently, is Google Notebook. Some days ago I stumbled upon a spam email which has nothing else inside than a single URL pointing to Google Notebook: http://google.com/notebook/public/<large-number>/<large-text&gt;.

01-googlenotebook-site

After clicking on the picture, the user gets redirected to an intermediary page for a couple of seconds. This intermediate site then redirects the user to a pharmacy site.

02-googlenotebook-meds-site

This looks like a “usual” meds advertisement for German customers. But before closing the website, the link “More by >>” caught my eye so I followed it:

03-googlenotebook-spam

Obviously, this “campaign” started out already in February this year and it is still ongoing. All of the notes were still active except the two from February.

As this spam method has a little new twist, we took a closer look on it: In the first image of this article we see that Google assumes no responsibility for the content in Notebook entries. This is expected – but how can I report this as spam? It is not possible, as we’re talking about a major service like Google here.

Out of interest I tried to reproduce how they added a picture into the Note. This seems to be not supported by Google Notebook.

04-googlenotebook-mytest

The first link in my test note goes to http://www.avira.com, the second one goes to a picture from the TechBlog. As you can see, there is no image appearing, even though I activated the option to include miniature previews that Google Notebook offers.

How did they manage to show that picture automatically and with a link on it? Looking at the source code of the note, we see something exactly like the example at the beginning of the article: <a href=”http://spam-site.com”><img src=”http://picture-site.com/picture.jpg></a>

In this case, http://picture-site.com is pointing to http://www.google.com/base_media?hl=en&amp;fact=12e&amp;size=3&amp;q=<url&gt; and the URL is pointing to the picture hosted somewhere.

Maybe it is just a delay from Google or a hick-up that in my tests no image or preview showed up in my note. I will continue to investigate this and post the results then. If you know how to add such a linked image to a note, please let me know!

Sorin Mustaca
Manager International Software Development