ad@heapoverflow.com wrote:
WARNING!: dont login to the link , the sample link within
[SCAM][/SCAM] redirects to a real scammer website.
If i remember I saw on this list a post wich was warning about faking
scam links within google.com domain.
This is old -- real old.
I got this scam today:
[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninlimburg.nl/forum/www.amazon.com/index.html[/SCAM]
wich is pretty easy to discover but I have tried a variant wich the
scammer probably forgot to use to grow his fooling possiblities:
[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%64%65%78%2E%68%74%6D%6C[/SCAM]
should be nasty to scam google services or anything other via this
way. the scammer will hide its domain + "steal" google.com domain.
You think you're smart adding those two tricks together?
Well, some of the the phihsers are way ahead of you.
What happens if you double (or more) up on the Google redirs? Bounce
google.com's redir off, say, google.lv's redir? What if you throw a
Yahoo open redir in the mix?
Hmmmm, and if you do that, can you then double-encode some of the
escaped chars so they get decoded successively as they pass through
each redirector?
If you were clever enough to think of that before about March 2005 you
_may be_ smarter than the smart scammers, as combining all those was
what the clever ones were up to nearly a year ago (at least, that's
about when I first saw it).
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
