'Re: [Full-disclosure] Google + Amazon fun scam'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Google + Amazon fun scam
From:       "ad () heapoverflow ! com" <ad () heapoverflow ! com>
Date:       2006-02-27 17:14:05
Message-ID: 4403335D.5010806 () heapoverflow ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
> You think you're smart adding those two tricks together?

no just pubbing some interesting informations, wich for you we can all
read are not, maybe some will care, but I doubt your critics are
interesting here.

bye.

Nick FitzGerald wrote:
> ad@heapoverflow.com wrote:
> 
> > WARNING!: dont login to the link , the sample link within
> > [SCAM][/SCAM] redirects to a real scammer website.
> > 
> > If i remember I saw on this list a post wich was warning about
> > faking scam links within google.com domain.
> 
> This is old -- real old.
> 
> > I got this scam today:
> > 
> > 
[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=http://wielrenneninlimburg.nl/forum/www.amazon.com/index.html[/SCAM]

> > 
> > 
> > wich is pretty easy to discover but I have tried a variant wich
> > the scammer probably forgot to use to grow his fooling
> > possiblities:
> > 
> > 
[SCAM]http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%3A%2F%2F%77%69%65%6C%72 \
%65%6E%6E%65%6E%69%6E%6C%69%6D%62%75%72%67%2E%6E%6C%2F%66%6F%72%75%6D%2F%77%77%77%2E%61%6D%61%7A%6F%6E%2E%63%6F%6D%2F%69%6E%64%65%78%2E%68%74%6D%6C[/SCAM]

> > 
> > 
> > should be nasty to scam google services or anything other via
> > this way. the scammer will hide its domain + "steal" google.com
> > domain.
> 
> You think you're smart adding those two tricks together?
> 
> Well, some of the the phihsers are way ahead of you.
> 
> What happens if you double (or more) up on the Google redirs?
> Bounce google.com's redir off, say, google.lv's redir?  What if you
> throw a Yahoo open redir in the mix?
> 
> Hmmmm, and if you do that, can you then double-encode some of the
> escaped chars so they get decoded successively as they pass through
> each redirector?
> 
> If you were clever enough to think of that before about March 2005
> you _may be_ smarter than the smart scammers, as combining all
> those was what the clever ones were up to nearly a year ago (at
> least, that's about when I first saw it).
> 
> 
> Regards,
> 
> Nick FitzGerald
> 
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBRAMzXK+LRXunxpxfAQJDJQ//ZPISc+JOiHv7+veiwhi+BAyCkB2h2otB
MGsKy77rv9B2qieRVi+7MheOX7XSk2HiNzN0FQ+ZCBzSFgOPIafmZy3jak7R12Y4
QlS+oGuptL+nixGA4rTBTpk+u37nrHw7Xx63FvEk/J9rGm9Jz31jBiQwIxlT4Rz6
8EwCbwgHh71wqpGcTTF/MSGcj6UxUbqwLLSlHsNgl7WJLTug1is3OxrzTAqysv+k
IJ+i5oSQB4p34BJuK+pTJcTijc8KCg0y0lVKkWbnzWM5WGlOAcGN1NqsngoXUpug
il/DbU6r8xuA7+XFjn8fFgRRTv5z25IA2n6kaemJx6fb0dB3pW35vXST6s0/DcI3
pWkn9uKhpA2sWeAPgwowHnNshHRlOVc72C14ccU5tCTF8ohvSJ3E54dqjcjlMNjD
mzZew5H7cHAOsfacwIkdA6F6kAaZ6XOLwULtlS8aa54xv+wf18h/pq3MJSqr6mM7
pxDIJJ8wsydlYsYNQgSyGdwXZJ0KeuglsiRoGutVIAQw+SU7l2ju4eBuZqHmVUiz
1++6NbVYW/uRVWyKXHIG8FljNK5sUAGbRJHMNrL/ROMXdzlWgmvJ5XVOyJlWNPHe
60hLZ3shTB/X8/1VReViWUvCNfgQGxqXNFeWS/LEU9WR9yTtEWhE46pOhuxRiFT3
zV07YFJpg/c=
=HdCr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic