Google Redirection Vulnerability

I was reading my email this morning, and a particular spam had slipped through the filter. It was wanting me to look at some enticing Shakira video, and being the inquisitive person I am, I looked at the URL. I was surprised to find that the URL was, and there was a redirection within the ad mechanism. As an example

This is something I had not noticed before, and so did a little research. It seems that this is how Google ads works, and within the last couple of weeks spammers and phishers have been abusing this pretty blatantly. Because this appears to be working “as designed”, I wouldn’t expect to see any changes to how this works in the near future.