Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Google + Amazon fun scam
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Mon, 27 Feb 2006 18:14:05 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
You think you're smart adding those two tricks together?

no just pubbing some interesting informations, wich for you we can all
read are not, maybe some will care, but I doubt your critics are
interesting here.

bye.

Nick FitzGerald wrote:
ad () heapoverflow com wrote:

WARNING!: dont login to the link , the sample link within
[SCAM][/SCAM] redirects to a real scammer website.

If i remember I saw on this list a post wich was warning about
faking scam links within google.com domain.

This is old -- real old.

I got this scam today:


[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninlimburg.nl/forum/www.amazon.com/index.html[/SCAM]


wich is pretty easy to discover but I have tried a variant wich
the scammer probably forgot to use to grow his fooling
possiblities:


[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%64%65%78%2E%68%74%6D%6C[/SCAM]


should be nasty to scam google services or anything other via
this way. the scammer will hide its domain + "steal" google.com
domain.

You think you're smart adding those two tricks together?

Well, some of the the phihsers are way ahead of you.

What happens if you double (or more) up on the Google redirs?
Bounce google.com's redir off, say, google.lv's redir?  What if you
throw a Yahoo open redir in the mix?

Hmmmm, and if you do that, can you then double-encode some of the
escaped chars so they get decoded successively as they pass through
 each redirector?

If you were clever enough to think of that before about March 2005
you _may be_ smarter than the smart scammers, as combining all
those was what the clever ones were up to nearly a year ago (at
least, that's about when I first saw it).


Regards,

Nick FitzGerald

_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBRAMzXK+LRXunxpxfAQJDJQ//ZPISc+JOiHv7+veiwhi+BAyCkB2h2otB
MGsKy77rv9B2qieRVi+7MheOX7XSk2HiNzN0FQ+ZCBzSFgOPIafmZy3jak7R12Y4
QlS+oGuptL+nixGA4rTBTpk+u37nrHw7Xx63FvEk/J9rGm9Jz31jBiQwIxlT4Rz6
8EwCbwgHh71wqpGcTTF/MSGcj6UxUbqwLLSlHsNgl7WJLTug1is3OxrzTAqysv+k
IJ+i5oSQB4p34BJuK+pTJcTijc8KCg0y0lVKkWbnzWM5WGlOAcGN1NqsngoXUpug
il/DbU6r8xuA7+XFjn8fFgRRTv5z25IA2n6kaemJx6fb0dB3pW35vXST6s0/DcI3
pWkn9uKhpA2sWeAPgwowHnNshHRlOVc72C14ccU5tCTF8ohvSJ3E54dqjcjlMNjD
mzZew5H7cHAOsfacwIkdA6F6kAaZ6XOLwULtlS8aa54xv+wf18h/pq3MJSqr6mM7
pxDIJJ8wsydlYsYNQgSyGdwXZJ0KeuglsiRoGutVIAQw+SU7l2ju4eBuZqHmVUiz
1++6NbVYW/uRVWyKXHIG8FljNK5sUAGbRJHMNrL/ROMXdzlWgmvJ5XVOyJlWNPHe
60hLZ3shTB/X8/1VReViWUvCNfgQGxqXNFeWS/LEU9WR9yTtEWhE46pOhuxRiFT3
zV07YFJpg/c=
=HdCr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault