funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: verification

From: "David Lodge" <dave () cirt net>
Date: Wed, 21 Jan 2009 17:59:14 -0000
On Wed, 21 Jan 2009 03:08:06 -0000, RandallM <randallm () fidmail com> wrote:

While sitting on a myspace page it changes to:

a warning about :http://sg11scanner.com/sg1/1/10219 (which was in the
address bar). If I clicked on "why..." it took me to:
(http://www.facebook.com/photo.php?pid=30252739&l=95d86&id=1274153615)

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://sg11scanner.com/sg1/1/10219
(http://www.facebook.com/photo.php?pid=30252742&l=a136d&id=1274153615)

If I clicked on the "ignore" I got taken to the site that was:
http://www.facebook.com/photo.php?pid=30252743&l=56a2d&id=1274153615

Any one brave tonight. I'm going to bed not feeling like playing.


Wget on Linux is the easy way ;-)

It's a fake up page to make it look like you have an infection. The  
"magic" for downloading on the page itself is:
     function doStartDownload() {
      window.location="http://dlsgd3.com/spygd08/install.php?track_id=10219";;

      return;
     }
     <div class="errors_d"><a onclick="javascript:doStartDownload();return  
false;" href="#"><img src="/images/sg1/error_detected.gif" alt=""  
/></a></div>

So not very sneaky, as you get the a conventional download box. I'm not  
really a malwarey type person, but the install for dlsgd3.com doesn't look  
fluffy. It just seems to try social engineering, by trying to look like an  
official MS message, so not much of a threat!

dave

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: