Spammers are using Google Translate to disguise links to dodgy websites.

All sorts of internet pond life, particularly purveyors of blue pills purporting to pump blokes' performance between the sheets, are relying on the reputation of Google's language translation service to smuggle web links through mail filters. Security researchers at Barracuda Networks, which collects and analyses samples of spam, clocked messages attempting to defeat reputation filters using this tactic.

When a user clicks on a link in the junk mail, the web browser and Google are instructed to follow a chain of pages until the dodgy website is reached.

The link in the spam email points to Google Translate, which can act as a URL redirector. Google Translate is told to fetch a second address embedded in the first link. This second address is a URL shortened by a service such as Yahoo!'s y.ahoo.it. This shortened address is expanded and followed by Google's systems to a hacked website, which contains a small bit of text that Google Translate ultimately tries to process.

But the compromised website also includes code that breaks the browser out of the Google Translate iframe and redirects the user, finally, to the rogue online pharmacy shop. It's a multi-stage obfuscation process designed to fox anti-spam software, which may simply inspect the message and approve it because all it can see is the Google link.

Barracuda researchers Dave Michmerhuizen and Shawn Anderson found that the search giant's translation service is blocking many of the dodgy links, but the tactic is nonetheless a concern because it may easily be used to lure users into visiting malware-tainted websites.

"We've tested many of these links in the lab, and it appears that Google may be implementing code that defeats frame-busting, but our tests are inconclusive.  Some links now redirect to google.com, while others still redirect to pharmacy sites.  We certainly hope this technique is not discovered by malware distributors," the Barracuda researchers explained in a blog post.

"In any case, it's worthwhile to know that spammers are taking these extreme steps to hide what they're doing, and no matter how good your spam filtering solution you have to be especially aware of emailed links.  In short, don't click on them." ®

Related stories

• Google hits the Translate button on Google+ (22 August 2013)

  https://www.theregister.com/2013/08/22/google_plus_translation_inline/

• Germans brew up a right Sh*tstorm (5 July 2013)

  https://www.theregister.com/2013/07/05/scheissesturm/

• US states: Google making ad money on illegal YouTube vids (3 July 2013)

  https://www.theregister.com/2013/07/03/google_illegal_pharmacy_ads/

• Wales slams Amazon over lack of Kindle support (15 April 2013)

  https://www.theregister.com/2013/04/15/wales_language_amazon/

• Rotten spam causing more infections than ever – study (11 April 2013)

  https://www.theregister.com/2013/04/11/spam_more_dangerous_than_ever/

• New class of industrial-scale super-phishing emails threatens biz (4 March 2013)

  https://www.theregister.com/2013/03/04/longlining_phishing/

• Beware the malware-tipped SPEAR TRAP in your inbox (29 November 2012)

  https://www.theregister.com/2012/11/29/spear_phishing/

• Cybercrims dump email for irresistible Twitter, Facebook spam (6 May 2012)

  https://www.theregister.com/2012/05/06/social_network_spam/

• The top five spam subjects sullying inboxes (22 November 2011)

  https://www.theregister.com/2011/11/22/common_spam_subject_lines_revealed/