Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-disclosure] Re: Google + Amazon fun scam

from [Steven Rakick] Network Security [Permanent Link]
Subject: RE: [Full-disclosure] Re: Google + Amazon fun scam
Date: Tue, 28 Feb 2006 11:37:01 -0800 (PST) 
If anything, it's probably best suited (and even then,
not very well) to steal authentication information for
Google Services by replicating a login page. Still a
stretch.

ad@heapoverflow.com wrote:


If i remember I saw on this list a post wich was

warning about faking 

scam links within google.com domain.
I got this scam today:



[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninl

imburg.nl/forum/www.amazon.com/index.html[/SCAM]

wich is pretty easy to discover but I have tried a

variant wich the 

scammer probably forgot to use to grow his fooling

possiblities:




[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2



F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F



%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%

64%65%78%2E%68%74%6D%6C[/SCAM]


  This is the exact same vuln really, calling it a
variant seems to be slightly exaggerated.


should be nasty to scam google services or anything

other via this 

way. the scammer will hide its domain + "steal"

google.com domain.

  The scammer will do no such thing, that's a very
ordinary redirect and the browser's address bar will
show the scammer's domain and have nothing to do with
google.  You should have tried it out before you said
this!  Here's a couple of safe examples for you to try
and see for yourself that it hides nothing and steals
nothing.

http://google.com/url?sa=p&pref=ig&pval=2&q=http://news.bbc.co.uk

http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%77%77%2E%62%62%63%2E%63%6F%2E%75%6B%2F


  I don't think this is much use for a scam; sure, it
can to hide the real destination address, but it
doesn't let you replace it with a bogus one, and
besides, if you get an email from your bank telling
you to update your account but the link says
google.com, isn't that /more/ likely to make people
suspicious and less likely to fool them then if it
just had a domain name in plain text that was just
very-similar-but-not-quite-the-same as the real bank
name?

    cheers,
      DaveK
--
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: [Full-disclosure] Re: Google + Amazon fun scam, Steven Rakick <=
Previous by Date:  [Full-disclosure] Re: Google + Amazon fun scam, Dave Korn
Next by Date:  Re: [Full-disclosure] reduction of brute force log, Gary E. Miller
Previous by Thread:  [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Renaud Lifchitz
Next by Thread:  [Full-disclosure] [ MDKSA-2006:051 ] - Updated gettext packages fix temporary file vulnerabilities, security
Indexes:  [Date] [Thread] [Top] [All Lists]