Bugtraq mailing list archives

Re: Spoofed Yahoo web site - www.yaho.co.uk

From: isles () LAMER NET (Paul McGovern)
Date: Tue, 9 Feb 1999 17:49:00 -0500


On Mon, 8 Feb 1999, Paul Murphy wrote:

| Hi,
|
| You might like to try this one on for size, and advise whether there's
| anything nasty going on behind this site.....

Going to this site in lynx, we're given a page with the following link on
it:
                       The requested URL probably is:

                           http://www.yahoo.co.uk

however, the link behind this is actually
http://www.aae.net/typo/typolink.shtml. Following this link takes you to a
page with one main frame (which has the actual link to
http://www.yahoo.co.uk) and 14 others, which under netscape for linux are
hidden. However, of course, lynx tells us where they go :> the sites they
lead to are:

http://199.217.203.16/stats.asp?sb5553
http://www.gaytradition.com/trafficcash/trafficcash.cgi?nutzw1
http://cgi2.hotshots.net/0/nutzw1
http://adultad.hotlynxxx.com/hotapi.wsa/GIF1852
http://ad.xxxteen.com/INDEX_2632.shtml
http://ad.xxxpic.com/adult/21/INDEX_2675.shtml
http://ad.xxxteen.com/INDEX_2709.shtml
http://ad.mpgworld.com/INDEX_2661.shtml
http://ad.xxxteen.com/indexmain.shtml
http://ad.xxxpic.com/adult/21/start.htm
http://ad.mpgworld.com/start.htm

with a couple of them repeated. Under netscape for linux, it automatically
refreshed my browser to www.yahoo.co.uk but watching the status bar i
could see netscape trying to look up all of these sites so I know it was
working in the background to connect to those sites. Pretty harmless,
looks to me like someone's little scheme to generate fake 'banner clicks,'
pretty lame but more original than spamming eh? Anyway, it doesn't look
like this has anything malicious like a session watcher behind it, just
someone's idea of making a little spare cash. Of course, I could be
wrong... this is all just speculation :> Regards,

-=--=--=--=--=--=--=--=--=--=--=--=--=--=-
Paul McGovern (nyisles) - isles () lamer net
BSBW Public Library - Technical Assistant
Administrator - redemption.bc.ca.xnet.org
Administrator - krad.fef.net
http://www.krad.org (under construction)
-=--=--=--=--=--=--=--=--=--=--=--=--=--=-

Current thread:

Re: ISS Internet Scanner Cannot be relied upon for conclusive Chris Brenton (Feb 08)
- FakeBo 0.3.1 & nmap Michael (Feb 08)
- Spoofed Yahoo web site - www.yaho.co.uk Paul Murphy (Feb 08)
  - Re: Spoofed Yahoo web site - www.yaho.co.uk Paul McGovern (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Christopher Masto (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)
  - Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 10)
    - Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 10)
    - Re: ISS Internet Scanner Cannot be relied upon for conclusive Darren Reed (Feb 12)
  - NetApp Filer software versions 5.x: potential hardware killer Jason Downs (Feb 10)
- Netect Advisory: palmetto.ftpd - remote root overflow Jordan Ritter (Feb 09)
  - Re: Netect Advisory: palmetto.ftpd - remote root overflow bugtraq mailing list account (Feb 09)
- <Possible follow-ups>
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Mr. joej (Feb 08)
  - Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)

(Thread continues...)