Message-ID: <4403335D.5010806@heapoverflow.com>
Date: Mon Feb 27 17:14:20 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: Google + Amazon fun scam

> You think you're smart adding those two tricks together?

no just pubbing some interesting information, which for you we can all
read are not, maybe some will care, but I doubt your critics are
interesting here.

bye.

Nick FitzGerald wrote:
> ad@...poverflow.com wrote:
>
>> WARNING!: don't login to the link, the sample link within
>> [SCAM][/SCAM] redirects to a real scammer website.
>>
>> If I remember I saw on this list a post which was warning about
>> faking scam links within google.com domain.
>
> This is old -- real old.
>
>> I got this scam today:
>>
>>
>> [SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninlimburg.nl/forum/www.amazon.com/index.html[/SCAM]
>>
>>
>> which is pretty easy to discover but I have tried a variant which
>> the scammer probably forgot to use to grow his fooling
>> possibilities:
>>
>>
>> [SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%69%65%6C%72%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%64%65%78%2E%68%74%6D%6C[/SCAM]
>>
>>
>> should be nasty to scam google services or anything other via
>> this way. the scammer will hide its domain + "steal" google.com
>> domain.
>
> You think you're smart adding those two tricks together?
>
> Well, some of the phishers are way ahead of you.
>
> What happens if you double (or more) up on the Google redirs?
> Bounce google.com's redir off, say, google.lv's redir?  What if you
> throw a Yahoo open redir in the mix?
>
> Hmmmm, and if you do that, can you then double-encode some of the
> escaped chars so they get decoded successively as they pass through
> each redirector?
>
> If you were clever enough to think of that before about March 2005
> you _may be_ smarter than the smart scammers, as combining all
> those was what the clever ones were up to nearly a year ago (at
> least, that's about when I first saw it).
>
>
> Regards,
>
> Nick FitzGerald

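For defenders triaging links like the ones in this thread, a sketch (added here, not part of either post) that peels nested redirector URLs and repeated percent-encoding to list every host in the chain. The parameter names, loop limits and `.example` hostnames are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Assumptions: parameter names that often carry a redirect target, and loop limits.
REDIRECT_PARAMS = ("q", "url", "u", "dest")
MAX_HOPS, MAX_DECODES = 10, 5

def fully_unquote(value):
    """Percent-decode until stable, so double-encoded targets are exposed."""
    for _ in range(MAX_DECODES):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def next_target(url):
    """Return the http(s) URL embedded in a redirect parameter, or None."""
    params = parse_qs(urlsplit(url).query)  # parse_qs decodes one layer itself
    for name in REDIRECT_PARAMS:
        for raw in params.get(name, []):
            candidate = fully_unquote(raw)
            if candidate.lower().startswith(("http://", "https://")):
                return candidate
    return None

def redirect_chain(url):
    """List every host a nested redirector link passes through, in order."""
    hosts = []
    while url and len(hosts) < MAX_HOPS:
        host = urlsplit(url).hostname
        if not host:
            break
        hosts.append(host.lower())
        url = next_target(url)
    return hosts

def hides_destination(url):
    """True when the visible host differs from the final landing host."""
    hosts = redirect_chain(url)
    return len(hosts) > 1 and hosts[0] != hosts[-1]

# Constructed samples (reserved .example names), shaped like the links in the thread.
LANDING = "http://landing.example/forum/www.shop.example/index.html"
HEX_ENCODED = ("http://redirector-a.example/url?sa=p&pref=ig&pval=2&q="
               + "".join("%%%02X" % b for b in LANDING.encode()))
HOP_B = "http://redirector-b.example/url?q=" + quote(quote(LANDING, safe=""), safe="")
CHAINED = "http://redirector-a.example/url?q=" + quote(HOP_B, safe="")

if __name__ == "__main__":
    for sample in (HEX_ENCODED, CHAINED, LANDING):
        print(redirect_chain(sample), hides_destination(sample))
```

A mail or proxy filter can compare the first and last host of the returned chain against an allow-list instead of trusting the domain shown at the start of the link.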
