Educause Security Discussion mailing list archives
Re: phishing link using Google...
From: Jeni Li <jeni.li () ASU EDU>
Date: Wed, 30 Nov 2005 12:22:51 -0700
<snip author="Gary">
|Out of curiosity, why would someone use Google as the |start point of a phishing link?
</snip> <snip author="Michael">
One benefit of redirecting phishing targets through Google is so enterprises can't block the phishing site for their constituency using perhaps more traditional means - via DNS or advertising bogus routes for the destination web server's IP address.
</snip> I thought the same thing at first, but I hit the URL in question with a sniffer running. All the Google hit does is 302-redirect you to the URL provided in the query string (aside, seems like kind of a dumb "service" for Google to offer). Because of the redirect, the client machine still makes a normal GET request to the phishy server, after hitting the Google URL... so the Google URL wouldn't serve effectively to work around any measures designed to block undesirable HTTP traffic. Given that, I think Robert Kerr's rationale (working around anti-spam/privacy software that uses URI blacklists -- e.g., SpamAssassin at the server or Norton at the desktop) is the most probable. Thanks to Robert for posting; I was scratching my head over this for a while. Jeni Li Arizona State University
Current thread:
- phishing link using Google... Gary Flynn (Nov 30)
- <Possible follow-ups>
- Re: phishing link using Google... Michael Hornung (Nov 30)
- Re: phishing link using Google... Robert Kerr (Nov 30)
- Re: phishing link using Google... A. J. Wright (Nov 30)
- Re: phishing link using Google... Jeni Li (Nov 30)
- Re: phishing link using Google... Gary Flynn (Nov 30)