Full Disclosure mailing list archives
Re: Google + Amazon fun scam
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Mon, 27 Feb 2006 18:14:05 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
You think you're smart adding those two tricks together?
no just pubbing some interesting informations, wich for you we can all read are not, maybe some will care, but I doubt your critics are interesting here. bye. Nick FitzGerald wrote:
ad () heapoverflow com wrote:WARNING!: dont login to the link , the sample link within [SCAM][/SCAM] redirects to a real scammer website. If i remember I saw on this list a post wich was warning about faking scam links within google.com domain.This is old -- real old.I got this scam today:
[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninlimburg.nl/forum/www.amazon.com/index.html[/SCAM]
wich is pretty easy to discover but I have tried a variant wich the scammer probably forgot to use to grow his fooling possiblities:
[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%64%65%78%2E%68%74%6D%6C[/SCAM]
should be nasty to scam google services or anything other via this way. the scammer will hide its domain + "steal" google.com domain.You think you're smart adding those two tricks together? Well, some of the the phihsers are way ahead of you. What happens if you double (or more) up on the Google redirs? Bounce google.com's redir off, say, google.lv's redir? What if you throw a Yahoo open redir in the mix? Hmmmm, and if you do that, can you then double-encode some of the escaped chars so they get decoded successively as they pass through each redirector? If you were clever enough to think of that before about March 2005 you _may be_ smarter than the smart scammers, as combining all those was what the clever ones were up to nearly a year ago (at least, that's about when I first saw it). Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBRAMzXK+LRXunxpxfAQJDJQ//ZPISc+JOiHv7+veiwhi+BAyCkB2h2otB MGsKy77rv9B2qieRVi+7MheOX7XSk2HiNzN0FQ+ZCBzSFgOPIafmZy3jak7R12Y4 QlS+oGuptL+nixGA4rTBTpk+u37nrHw7Xx63FvEk/J9rGm9Jz31jBiQwIxlT4Rz6 8EwCbwgHh71wqpGcTTF/MSGcj6UxUbqwLLSlHsNgl7WJLTug1is3OxrzTAqysv+k IJ+i5oSQB4p34BJuK+pTJcTijc8KCg0y0lVKkWbnzWM5WGlOAcGN1NqsngoXUpug il/DbU6r8xuA7+XFjn8fFgRRTv5z25IA2n6kaemJx6fb0dB3pW35vXST6s0/DcI3 pWkn9uKhpA2sWeAPgwowHnNshHRlOVc72C14ccU5tCTF8ohvSJ3E54dqjcjlMNjD mzZew5H7cHAOsfacwIkdA6F6kAaZ6XOLwULtlS8aa54xv+wf18h/pq3MJSqr6mM7 pxDIJJ8wsydlYsYNQgSyGdwXZJ0KeuglsiRoGutVIAQw+SU7l2ju4eBuZqHmVUiz 1++6NbVYW/uRVWyKXHIG8FljNK5sUAGbRJHMNrL/ROMXdzlWgmvJ5XVOyJlWNPHe 60hLZ3shTB/X8/1VReViWUvCNfgQGxqXNFeWS/LEU9WR9yTtEWhE46pOhuxRiFT3 zV07YFJpg/c= =HdCr -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google + Amazon fun scam ad () heapoverflow com (Feb 27)
- Re: Google + Amazon fun scam Nick FitzGerald (Feb 27)
- Re: Google + Amazon fun scam ad () heapoverflow com (Feb 27)
- Re: Google + Amazon fun scam Dave Korn (Feb 28)
- <Possible follow-ups>
- RE: Re: Google + Amazon fun scam Steven Rakick (Feb 28)
- Re: Google + Amazon fun scam Nick FitzGerald (Feb 27)