Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Re: Google + Amazon fun scam

from [Dave Korn] Network Security [Permanent Link]
Subject: [Full-disclosure] Re: Google + Amazon fun scam
Date: Tue, 28 Feb 2006 19:21:18 -0000 
ad@heapoverflow.com wrote:


If i remember I saw on this list a post wich was warning about faking
scam links within google.com domain.
I got this scam today:

[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninlimburg.nl/forum/www.amazon.com/index.html[/SCAM]

wich is pretty easy to discover but I have tried a variant wich the
scammer probably forgot to use to grow his fooling possiblities:

[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%64%65%78%2E%68%74%6D%6C[/SCAM]


  This is the exact same vuln really, calling it a variant seems to be 
slightly exaggerated.


should be nasty to scam google services or anything other via this
way. the scammer will hide its domain + "steal" google.com domain.


  The scammer will do no such thing, that's a very ordinary redirect and the 
browser's address bar will show the scammer's domain and have nothing to do 
with google.  You should have tried it out before you said this!  Here's a 
couple of safe examples for you to try and see for yourself that it hides 
nothing and steals nothing.

http://google.com/url?sa=p&pref=ig&pval=2&q=http://news.bbc.co.uk

http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%77%77%2E%62%62%63%2E%63%6F%2E%75%6B%2F


  I don't think this is much use for a scam; sure, it can to hide the real 
destination address, but it doesn't let you replace it with a bogus one, and 
besides, if you get an email from your bank telling you to update your 
account but the link says google.com, isn't that /more/ likely to make 
people suspicious and less likely to fool them then if it just had a domain 
name in plain text that was just very-similar-but-not-quite-the-same as the 
real bank name?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Renaud Lifchitz
Next by Date:  RE: [Full-disclosure] Re: Google + Amazon fun scam, Steven Rakick
Previous by Thread:  Re: [Full-disclosure] Google + Amazon fun scam, ad@heapoverflow.com
Next by Thread:  [Full-disclosure] [SECURITY] [DSA 982-1] New gpdf packages fix several vulnerabilities, Martin Schulze
Indexes:  [Date] [Thread] [Top] [All Lists]