Full Disclosure mailing list archives
Re: Phishing scam - Obfuscated url help please
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 23 Jan 2004 14:18:11 -0800
An easy way to de-obfuscate this is to give your browser this URL. Works at least with Mozilla, but I think other browsers support the javascript:pseudo-protocol, too.javascript:alert(decodeURI('<obfuscated-URL-here>'))
We have seen this done and exploited *mostly* on IRC spam (directed at the mIRC client).
Let's decode a URL that may end up making IE destroying the PC or emailing our passwords.. or downloading a dropper or,,, :o)
Gadi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Phishing scam - Obfuscated url help please Zach Forsyth (Jan 22)
- Re: Phishing scam - Obfuscated url help please Nick FitzGerald (Jan 22)
- Re: Phishing scam - Obfuscated url help please Valdis . Kletnieks (Jan 22)
- Re: Phishing scam - Obfuscated url help please Nick FitzGerald (Jan 23)
- Re: Phishing scam - Obfuscated url help please Valdis . Kletnieks (Jan 22)
- Re: Phishing scam - Obfuscated url help please Matthias Benkmann (Jan 23)
- Re: Phishing scam - Obfuscated url help please Gadi Evron (Jan 23)
- Re: Phishing scam - Obfuscated url help please Nick FitzGerald (Jan 23)
- Re: Phishing scam - Obfuscated url help please Gadi Evron (Jan 23)
- Re: Phishing scam - yet another Paypal phishing scam! Tobias Weisserth (Jan 24)
- Re: Phishing scam - yet another Paypal phishing scam! Valdis . Kletnieks (Jan 24)
- RE: Phishing scam - yet another Paypal phishingscam! Bill Royds (Jan 24)
- RE: Phishing scam - yet another Paypal phishingscam! Tobias Weisserth (Jan 25)
- <Possible follow-ups>
- RE: Phishing scam - Obfuscated url help please Leif Sawyer (Jan 22)
- Re: Phishing scam - Obfuscated url help please Nick FitzGerald (Jan 22)