Hackers have been using Google search functions to hunt for vulnerabilities. Now their peers in the junk mail business are getting into the act.

Google supports a variety of advanced query words that are capable of narrowing the scope of a search. Spammers have latched onto this functionality as a means to direct an end user to a URL advertising their products or services, without directly pointing at a site. The approach, as with so many in the field of spamming, is designed to bypass junk mail filters.

Symantec came across the technique after coming across spam emails containing a URL that, on casual inspection, resembled a "Google search results" link. However, when clicked, the URL directs surfers to a site selling replicas of expensive watches, pens, and jewelry.

The trick worked because a spammer had managed to make a search query that was specific to their website, using an advanced Google search combining the "inurl" and "intext" operators. As the spammer has designed the query to yield only one result - that of the spamvertised site - surfers are taken directly to a junk-mail-promoted site after selecting what looks like a search result entry.

Full details of the google search can be found at the Symantec site.