lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4403E4F1.11281.15C8BE16@nick.virus-l.demon.co.uk>
Date: Mon Feb 27 16:52:21 2006
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Google + Amazon fun scam

ad@...poverflow.com wrote:

> WARNING!: dont login to the link , the sample link within
> [SCAM][/SCAM] redirects to a real scammer website.
> 
> If i remember I saw on this list a post wich was warning about faking
> scam links within google.com domain.

This is old -- real old.

> I got this scam today:
> 
> [SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninlimburg.nl/forum/www.amazon.com/index.html[/SCAM]
> 
> wich is pretty easy to discover but I have tried a variant wich the
> scammer probably forgot to use to grow his fooling possiblities:
> 
> [SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%64%65%78%2E%68%74%6D%6C[/SCAM]
> 
> should be nasty to scam google services or anything other via this
> way. the scammer will hide its domain + "steal" google.com domain.

You think you're smart adding those two tricks together?

Well, some of the the phihsers are way ahead of you.

What happens if you double (or more) up on the Google redirs?  Bounce 
google.com's redir off, say, google.lv's redir?  What if you throw a 
Yahoo open redir in the mix?

Hmmmm, and if you do that, can you then double-encode some of the 
escaped chars so they get decoded successively as they pass through 
each redirector?

If you were clever enough to think of that before about March 2005 you 
_may be_ smarter than the smart scammers, as combining all those was 
what the clever ones were up to nearly a year ago (at least, that's 
about when I first saw it).


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ