Latest phishing technique
|
Jun. 15, 2004, 07:01 AM
Post: #1
|
|||
|
|||
How would one filter the latest phish style which is supposed to work on even Mozilla browsers? Apparently the format is:
http://[trusted_site]%2F%20%20%20.[malicious_site]/ It would be necessary to remove any number of space codes from this. |
|||
Jun. 15, 2004, 08:41 AM
Post: #2
|
|||
|
|||
Do you have a real example URL?
|
|||
Jun. 15, 2004, 02:57 PM
Post: #3
|
|||
|
|||
Link Test
It doesn't seem to work on the forums here, I typed: http://74.53.146.215%2F%20%20%20.www.unitethecows.com PS - Both sites are clean. �{=(~�::[Shea]::��~)=}� How 'bout you sideburns, you want some of this milk? This fading text is pretty cool, eh? I bet you wish you had some. |
|||
Jun. 15, 2004, 03:25 PM
Post: #4
|
|||
|
|||
My un-prefix filter blocks those (with a slight problem with the link title)...
Code: Name = "Un-Prefix Multi URL Links [Key=^Shift] {unknown origin} (modified) [add]" |
|||
Jun. 15, 2004, 07:56 PM
Post: #5
|
|||
|
|||
I have no problem here... I have Mozilla Firefox [unsure]
|
|||
Jun. 16, 2004, 06:19 AM
Post: #6
|
|||
|
|||
When I try Shea's example, I get an error message. My browser is trying to find something on the first host, not the second. Just because spaces are in the URL, why would the browser go to the second host?
|
|||
Jun. 16, 2004, 06:20 AM
Post: #7
|
|||
|
|||
When I try Shea's example, I get an error message. My browser is trying to find something on the first host, not the second. Just because spaces are in the URL, why would the browser go to the second host?
|
|||
Jun. 16, 2004, 10:45 AM
Post: #8
|
|||
|
|||
That's what "phishing" is - a "method" to "trick" the browser into going to that second host... I'm not sure if a fully patched IE prevents this or not... All of the "latest" config sets prevent it if you use JD or sidki configs...
Try a Google search on "internet browser phishing" and see what comes up... |
|||
Jun. 16, 2004, 03:54 PM
Post: #9
|
|||
|
|||
In my example I also said it DIDNT WORK. I was just testing it here on the forums.
Last time didn't hpguru make some test pages? Maybe he'd do it again if we can get him back to the forums here. �{=(~�::[Shea]::��~)=}� How 'bout you sideburns, you want some of this milk? This fading text is pretty cool, eh? I bet you wish you had some. |
|||
Jul. 16, 2004, 10:12 PM
Post: #10
|
|||
|
|||
News of yet another phishing scam,here:
http://spamwatch.codefish.net.au/modules.p...article&sid=142 Pretty nice site,that.I hadn't been then before-followed a link from SANS. ????,??,????`????,? _J_G_ ????,??,????`????,? |
|||
« Next Oldest | Next Newest »
|