Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Google + Amazon fun scam
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 28 Feb 2006 05:51:45 +1300

ad () heapoverflow com wrote:

WARNING!: dont login to the link , the sample link within
[SCAM][/SCAM] redirects to a real scammer website.

If i remember I saw on this list a post wich was warning about faking
scam links within google.com domain.

This is old -- real old.

I got this scam today:


wich is pretty easy to discover but I have tried a variant wich the
scammer probably forgot to use to grow his fooling possiblities:


should be nasty to scam google services or anything other via this
way. the scammer will hide its domain + "steal" google.com domain.

You think you're smart adding those two tricks together?

Well, some of the the phihsers are way ahead of you.

What happens if you double (or more) up on the Google redirs?  Bounce 
google.com's redir off, say, google.lv's redir?  What if you throw a 
Yahoo open redir in the mix?

Hmmmm, and if you do that, can you then double-encode some of the 
escaped chars so they get decoded successively as they pass through 
each redirector?

If you were clever enough to think of that before about March 2005 you 
_may be_ smarter than the smart scammers, as combining all those was 
what the clever ones were up to nearly a year ago (at least, that's 
about when I first saw it).


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]