Last month, Google fixed an open redirect in its AdSense ad serving program. The open redirect had
become popular with spammers trying to lure users into clicking their links, as the links could be made to
look like safe URLs within Google's domain. Of course, in the best of cases these links redirected to
a spamvertising website, but more commonly, and more dangerously, they took victims to sites pushing
drive-by downloads of malware. In either case, as they resided on the popular Google domain, the URLs
were unlikely to be blacklisted.

With the loophole closed for only a few weeks, spammers have quickly found themselves another open
redirect to stealthily push their malicious websites. This redirect resides on the domain of
ad-serving firm DoubleClick, a company that was, coincidentally, acquired by Google earlier this
year.