Simon Byrnand writes:
Just spotted the following redirected URL in a spam. Doesn't look like it will be getting caught yet with the current redirector rules:
http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=...
Using images.google.ca as a redirector? That's a new one.... I'm not game to click on the link to see where it goes though... it's from the same spammer that was blatantly abusing the yahoo redirectors and msn ones...
it might work. I won't check where it goes, just in case it confirms your addr or similar ;)
Well I've already clicked on it now to see what happens, so feel free to click on it ;)
it's a 3-level redirect:
http://images.google.ca/imgres , redirecting to http://www.google.com/url , redirecting to http://www.google.com/url , encoded, redirecting to the real URL, encoded.
kind of pointless, since it's caught. (or should be at least.) spamassassin -D -t gives:
debug: uri found: http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=...
debug: uri found: http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=...
debug: uri found: http://www.google.com/url?q=http://www.google.com/url?q=http%3A%2F%2Fwww.exp...
debug: uri found: http://www.google.com/url?q=http%3A%2F%2Fwww.expage.com%2Fmanger32
It's double-encoded. We can catch that easily. But first, my question -- does this *work* in an MUA, i.e. should we? Simon, could you try it?
What you get is the image preview in google which consists of an image in the top frame, and the page that it came from in the bottom frame, and in the bottom frame was a link "click here for ......." so yes it definitely does work...
Regards, Simon
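
The nested, double-encoded redirect chain discussed in this thread can be unwrapped offline, without fetching anything, so a filter can score the final target. This is an added example, not SpamAssassin's code or anything posted in the thread; the function names, the choice of `q` and `imgrefurl` as hop-carrying parameters, and the example.com sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: query parameters that carry the next hop (q= on /url,
# imgrefurl= on /imgres), modelled on the URLs quoted in the thread.
REDIRECT_PARAMS = ("q", "imgrefurl")
MAX_DEPTH = 8  # bound both nesting depth and repeated decoding


def fully_unquote(value, limit=MAX_DEPTH):
    """Percent-decode until stable so double-encoded targets are recovered."""
    for _ in range(limit):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def unwrap_redirects(url):
    """Return every URL in the redirect chain, outermost first (no network I/O)."""
    chain = [url]
    while len(chain) < MAX_DEPTH:
        # parse_qs percent-decodes each value once; fully_unquote handles the rest.
        params = parse_qs(urlsplit(chain[-1]).query)
        target = None
        for name in REDIRECT_PARAMS:
            if name in params:
                target = fully_unquote(params[name][0])
                break
        # Stop when there is no further hop, or the chain loops back on itself.
        if target is None or target in chain:
            break
        chain.append(target)
    return chain


if __name__ == "__main__":
    # Constructed sample: same shape as the spam URL, harmless placeholder hosts.
    sample = ("http://images.google.ca/imgres?imgurl=img.example.net/pic.jpg"
              "&imgrefurl=http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2Flanding")
    for depth, hop in enumerate(unwrap_redirects(sample)):
        print(depth, hop)
```

A filter would then run its URI rules against every element of the returned chain, not only the outermost URL.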