bump (sorry).. but I just found some new info (in case anyone has additional comments).. from January 2006
" Google Redirection Hole Used For Phishing ... Google’s redirection hole is now being used as a phishing redirector. .. redirection without some way to whitelist is dangerous ... bad for your [customers] when they trust your link and go to a phishing site.."
Can someone explain what the above means? Most of the info I'm finding is from back in 2006.. has anything changed? Should we be concerned about this? If so, what is the recommended approach? .
Google's intended use for their Redirector is click tracking. The issue back in 2006 was that the Google Redirector worked "invisibly" and did not give you the interim page that it does today. This created a hole that various spam and especially phishing emailers exploited to cloak the links in their email and make them look like a Google url to gain the reader's trust. Today, you get that interim page, which is Google's way of short circuiting the trick.
A similar email link trick has been using the code that trips Google's "I'm Feeling Lucky" functionality. Of course, to make that work, the phisher needs to be sure that their url is #1 for the query they use.
More information at the SANS Institute's Internet Storm Center: [isc.sans.org...]
So how might that Redirector link end up as a referer in YOUR server logs? I think that Redirector link takes people to a page that held an ad for your website and your visitor clicked on it. Because the traffic arrived at the referring page through the Google Redirector instead of directly, the referring url could be the Redirector version of the url.