Re: Google + Amazon fun scam

[Nick FitzGerald <nick () virus-l demon co uk>]

ad () heapoverflow com wrote:

> WARNING!: dont login to the link , the sample link within
> [SCAM][/SCAM] redirects to a real scammer website.
>
> If i remember I saw on this list a post wich was warning about faking
> scam links within google.com domain.

This is old -- real old.

> I got this scam today:
>
> [SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninlimburg.nl/forum/www.amazon.com/index.html[/SCAM]
>
> wich is pretty easy to discover but I have tried a variant wich the
> scammer probably forgot to use to grow his fooling possiblities:
>
> [SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%64%65%78%2E%68%74%6D%6C[/SCAM]
>
> should be nasty to scam google services or anything other via this
> way. the scammer will hide its domain + "steal" google.com domain.

You think you're smart adding those two tricks together?

Well, some of the the phihsers are way ahead of you.

What happens if you double (or more) up on the Google redirs?  Bounce 
google.com's redir off, say, google.lv's redir?  What if you throw a 
Yahoo open redir in the mix?

Hmmmm, and if you do that, can you then double-encode some of the 
escaped chars so they get decoded successively as they pass through 
each redirector?

If you were clever enough to think of that before about March 2005 you 
_may be_ smarter than the smart scammers, as combining all those was 
what the clever ones were up to nearly a year ago (at least, that's 
about when I first saw it).


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/