[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Google Redirect URL actively used for Phishing

From: Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] Google Redirect URL actively used for Phishing
Date: Tue, 22 Aug 2006 11:26:29 -0700

Caught this on RSnakes blog:

Google Redirection Hole Used For Phishing http://ha.ckers.org/blog/20060822/google-redirection-hole-used-for- phishing/

He got a fake eBay email with the following linked url: (Clicking is NOT recommended) http://www.google.com/url?q=http://66.207.71.141/signin.ebay.com/ Members_Log-in.htm

While redirect URL functionality does not seem particularly dangerous on the face of it, Phishers are using them to increase the credibility of their attacks.


Regards,

Jeremiah Grossman
Chief Technology Officer
WhiteHat Security, Inc.
http://www.whitehatsec.com

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  - From: Ryan Barnett

Prev by Date: [WEB SECURITY] Mitnick's website hacked (again)
Next by Date: Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
Previous by thread: [WEB SECURITY] Mitnick's website hacked (again)
Next by thread: Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site