Usually I don’t click on phishing links, especially when the header is forged and the subject contains PayPal
However, this link raised some suspicions becaused it looked like a google forceful redirect http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu- FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&amp;amp;amp;amp ;amp;amp;amp;amp;amp;amp;amp;num=5&adurl=http://220.127.116.11:82/www.paypal.com/cgi-bin /webscr=home=p/index.php So I decided to capture the traffic and see what it’s all about. Well.. I don’t know if this is a new way to exploit google or is it an-every-day-phishing-link but this is the full movie of the events :
Request #1 My browser requests the google page : Response #1 Google issues a 302 redirect to www.googleadservices.com Request #2 As instructed by the 302 response, my browser requests the page from www.googleadservices.com Response #2 Googleadservices.com responds with another 302 redirect to the scammer’s phishing site which is http://18.104.22.168:82/www.paypal.com/cgi-bin/webscr=home=p/index.php Request #3 Again, as instructed by the redirect, my browser requests the phishing URL Response #3 Phishing site responds as it should , delivering a copy of paypal.com Response #4 Firefox flags the site as phishing and advises about it There you have it. PayPal phishing using Adsense forceful redirect. Pretty nasty… to say the least.
Thank you for reading this post. You can now Read Comment (1) or Leave A Trackback. Print This Post
Post InfoThis entry was posted on Monday, April 16th, 2007 . Tagged with:
Previous Post: Month of PHP Bugs – Days 23 – 31 »
Next Post: Next-Generation Web Application Security Threats »
Read MoreRelated Reading:
- How to Protect Your Business Network from Phishing Attacks
- Animated Presentation on Sony PSN Hack
- ArcSight Tip #1 – arcsight managersetup notification test
- I’m a CISSP
- Operation:Payback or Social Vendetta is Here
- I got owned by Malware Destructor 2011 Virus
- New Downtime Cost Calculator by Storagepipe.com. What if ?
- Securing Your Network from Web Threats
- My Twitter Notes on 2010-07-25
- New NetWitness Visualize : Welcome To The Future!