Scammers use Google Translate to outwit spam filters

Published April 2, 2013 12:17pm

Google Translate just became an unwitting weapon of scammers in outwitting spam filters, a security vendor said.

Barracuda Labs said it detected large-volume spam attacks that used google.com/translate "to whitewash links in an attempt to evade automatic detection."

"In any case, it's worthwhile to know that spammers are taking these extreme steps to hide what they're doing, and no matter how good your spam filtering solution you have to be especially aware of emailed links. In short, don't click on them," it advised.

Barracuda Labs said spammers avoid spam blockers by looking for open URL redirectors and poorly maintained URL shorteners they can hide behind.

As such, they look for "small weakly defended websites" to hack and install redirect code, so they can exploit the site's "good reputation" to evade filters.

In effect, the hacked website will then redirect visitors to the website set up by the spammer.

Barracuda Labs cited one case where the spammer used a poorly maintained URL shortener, and used Google Translate as a URL redirector.

In that particular instance, it said clicking on the link leads to Google Translate, which in turn fetches the shortened URL and follows it to playandstudy.org, a hacked WordPress-based website in France.

"Playandstudy.org returns Russian text that translates to 'Redirected to the requested page...' and Google translate displays that on it's page in an iframe," it said.

Google Translate then executes code from playandstudy.org that ultimately redirects the browser to a rogue pharmacy website.

So far, Barracuda Labs said its tests indicate Google may be trying to defeat the spammers but some links redirect to Google.com, while others "still redirect to pharmacy sites." — TJD, GMA News

Tags: google, googletranslate, spam