Goo.gl - Google's link-shortening feature - used to spread malware
Spam watchers are noting a new trend: using Google's link shortening tool to hide the real location of links to malicious software.
The links are in a variety of spam attacks, including supposed access to Dropbox files, tax refunds, voice mails and faxes. This replaces the usual bait-and-switch links that, as anyone familiar with even basic html will know, claim to point to one web site address while the underlying, hidden link actually goes somewhere else. It's a bait-and-switch trick that's simple to expose: hover your cursor over the visible link and, if the actual link that pops up is different, then you're being phished.
In this case, however, the visible link and the underlying link are the same: http://goo.gl/AndSomeCode
Hover over the link, and you get the same web address. But when you actually click on the link, you go first to the Google link shortening tool which then redirects you to the link containing the malicious software that will now infect your computer. Thanks, Google.
So there are two solutions: Google needs to put a stop to this, or Internet users need to stop clicking on any links using Google's link shortener.
Since we have no control over Google - and don't know how or when they'll deal with this problem - our solution is to block any email that contains http://goo.gl and warn the crew here never to click on that type of link in any emails that slip through our filters.
-g
