Message-ID: <4b6ee9310804251648u303edad6rd841a5d63f68a913@mail.gmail.com>
Date: Sat, 26 Apr 2008 00:48:59 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk, n3td3v <n3td3v@...glegroups.com>
Subject: Fwd: Its time to take rick rolling seriously

---------- Forwarded message ----------
From: n3td3v <xploitable@...il.com>
Date: Sat, Apr 5, 2008 at 2:17 AM
Subject: Its time to take rick rolling seriously
To: n3td3v <n3td3v@...glegroups.com>


We need a big list of all the rick roll URL's, so we can protect the
 public against it.

 Network operators need a list of rick roll URL's to add to the block list.

 Can someone harvest all the rick roll URL's and post them as one list
 for folks to copy&paste into their block lists?

 Some of the rick rolls don't go to Youtube, some of them are
 sophisticated javascript that we need to clampdown on, so not to waste
 productivity and resources on these sites getting executed
 accidentally.

 If you don't think this is a security issue, its time to wake up.

 RICK ROLLING HIGHLIGHTS THE EASE OF PHISHING ATTACKS

 If you look at how many hits the Youtube rick roll got alone, then
 that goes someway in showing your average joe how easy it is to
 compromise folks through phishing.

 Sure, it looks harmless enough, but the bottom like is, the Youtube
 link (don't click) http://youtube.com/watch?v=eBGIQ7ZuuiU has
 generated upto  9,290,352 views in only a few months since the craze
 took off via mostly social bookmarking sites such as Digg, Reddit.

 Those could easily equal into 9,290,352 malicious phishes, 9,290,352
 credit cards and 9,290,352 identity frauds.

 Now, what happens if the cyber criminals catch onto the rick roll and
 start "cyber rolling" everyone with malicious code or links to a
 forged banking site, then that's really going to be bad.

 So who is keeping track of rick rolling, so it doesn't turn into a
 "cyber roll" where folks get compromised?

 The media and others should use the rick rolling as a wake up call as
 to how easy it is for folks to be fooled, and if its just rick ashley
 this time, it might be more than "never gonna give you up" next time,
 because it could be your cyber security and bank info you're giving up
 in the future, so i'm calling on network security professionals and
 the media to use rick rolling as a highlight case of the dangers posed
 by social engineering and phishing by hackers, which can ultimately
 lead to data loss and disaster. rick rolling should be used to
 highlight awareness of the threat posed by link-based-phishing towards
 your everyday average single mom, retired couple or the 9,290,352
 folks who have to date been "rick rolled", who are the next
 potentially phished.

 And, not all, rick rolling could be used be an attacker to see how
 gullible his target is to links, before carrying out a full on
 phishing attack, so there are many issues here with rick rolling which
 the security community may not have grasped up till now.

 If you think its stupid, 9,290,352 were and thats alarming says n3td3v.

 There are stupid people out there and rick rolling could be an easy
 way to find the stupid people before your ultimate attack.

 Carry on the uses of rick rolling below this e-mail by cyber attackers
 and the indications its giving out to folks on how easy phishing and
 socialing engineering really is on the internet today.

 I see a new craze of "cyber rolling" coming which hackers can exploit
 and i'm not sure if I like it very much, its fun and games at the
 moment, but just wait to the hackers catch on and things develop with
 the rick roll trend.

 I'm worried, are you?

 All the best,

 n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists