Nikke Index

En kärleksförklaring till Internet sedan 1997 // Nikke Lindqvist

You are here: Home / Open redirectors as a tool for scammers

Open redirectors as a tool for scammers

by 3 Comments

How would you classify the below URL?
http://www.google.com/url?q=http%3A%2F%2Fwww.ebay.com

As belonging to Google or as one belonging to eBay? It leads into eBay.com, but it goes there via Google… Well, how about this one:

http://www.google.com/url?q=http%3A%2F%2Fwww.lindqvist.com/ url/?q=http%3A%2F%2Fwww.ebay.com

Horrible, isn’t it? It’s somehow associated with Google, ends up at eBay and it’s not quite clear what the www.lindqvist.com part has to do with it. And it could get worse.

We could obfuscate the lindqvist.com part even more, or let the whole thing pass via some other open url redirector. Or, if I was a scammer, I could hide the fact that you would pass through some other sites simply by printing the link like http://www.ebay.com

This is what scammers do every day. But they would insert yet another level to their structure. A page of their own, preferably an IP address, with a page looking exactly as the login page on eBay, Paypal, or your Internet Bank.

There’s loads of examples around, but there’s not much good in linking to them, since they crop ut, close down, move and crop up again in different addresses each day.

The one thing for you to remember, is to head straight to the site you want to go to, when money is involved. Never trust a mail that looks as if it comes from any financial institution. Never click the links in them, just go to the address you usually use, or click on that bookmark of yours!

Then, it can be even worse

Actually, the matter has become even worse lately, because of the potential risk if DNS injections, more often refered to as ”DNS Cache Poisoning”. You can read a good, and quite comprehensive description of this at
http://www.securityfocus.com/guest/17905

The big problem is that Microsoft’s NT4 servers are one of the potential targets for this type of attacks. And just what kind of servers are often used for local DNS services on medium sized companies? Here’s Microsoft’s own how-to on how to avoid this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;241352

So, add a bit if DNS cache poisoning to the url redirectors on top of this page and you end up in a situation where you can never actually be quite safe as to where you actually are on the web…

A pessimistic thought to start off a weak for sure.

Passa på att läsa

Flikar och ”fäll ut”-innehåll – nästan lika dåligt som dold text

I slutet av januari gjordes en av de större uppdateringarna av Googles riktlinjer för webbplatsägare, och det enligt mig intressantaste stycket kan få stor påverkan på hur webbplatser hanterar javascript-objekt som fäller ut mer text eller visar menyer först efter att man scrollar nedåt på sidan. Så har du en sajt som visar större delen av ett textobjekt först efter att användaren klickar på [fäll ut] eller [visa], så bör du nog läsa den här artikeln.

Fler inlägg från denna kategori

  • I have a redirector on my website, but I protect it with a secret key so an authentication token needs to be sent along with the URL. See here for more details:

    https://secure.grepular.com/Secure_URL_Redirect

  • I've seen this a couple of times and it really annoys me that people do this. One other form of this trick is using those URL shortening websites like bit.ly. I admit they are very helpful tools, but I hope that no one abuse these kinds of tolls.

  • It seems like the number of scammers just increase every day, really annoying can’t they earn the same amounts while being honest?