Full Disclosure mailing list archives
RE: Re: Google + Amazon fun scam
From: Steven Rakick <stevenrakick () yahoo com>
Date: Tue, 28 Feb 2006 11:37:01 -0800 (PST)
If anything, it's probably best suited (and even then, not very well) to steal authentication information for Google Services by replicating a login page. Still a stretch. ad () heapoverflow com wrote:
If i remember I saw on this list a post wich was
warning about faking
scam links within google.com domain. I got this scam today:
[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninl
imburg.nl/forum/www.amazon.com/index.html[/SCAM] wich is pretty easy to discover but I have tried a
variant wich the
scammer probably forgot to use to grow his fooling
possiblities:
[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2
F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F
%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%
64%65%78%2E%68%74%6D%6C[/SCAM]
This is the exact same vuln really, calling it a variant seems to be slightly exaggerated.
should be nasty to scam google services or anything
other via this
way. the scammer will hide its domain + "steal"
google.com domain. The scammer will do no such thing, that's a very ordinary redirect and the browser's address bar will show the scammer's domain and have nothing to do with google. You should have tried it out before you said this! Here's a couple of safe examples for you to try and see for yourself that it hides nothing and steals nothing. http://google.com/url?sa=p&pref=ig&pval=2&q=http://news.bbc.co.uk http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%77%77%2E%62%62%63%2E%63%6F%2E%75%6B%2F I don't think this is much use for a scam; sure, it can to hide the real destination address, but it doesn't let you replace it with a bogus one, and besides, if you get an email from your bank telling you to update your account but the link says google.com, isn't that /more/ likely to make people suspicious and less likely to fool them then if it just had a domain name in plain text that was just very-similar-but-not-quite-the-same as the real bank name? cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google + Amazon fun scam ad () heapoverflow com (Feb 27)
- Re: Google + Amazon fun scam Nick FitzGerald (Feb 27)
- Re: Google + Amazon fun scam ad () heapoverflow com (Feb 27)
- Re: Google + Amazon fun scam Dave Korn (Feb 28)
- <Possible follow-ups>
- RE: Re: Google + Amazon fun scam Steven Rakick (Feb 28)
- Re: Google + Amazon fun scam Nick FitzGerald (Feb 27)