Monday, September 12, 2011

Phishing Attack: Using redirection

I have noticed an escalation in phishing attempts coming to my Gmail account. In 4 days I got 3 emails that managed to pass the spam protection. They all claimed they were my Twitter friends and that they had found someone faking my account, my Twitter picture, Twitter avatar and whatnot.

I always inspect the URL before clicking because I want to explore the vulnerabilities (of course, the safest thing to do is just to report anything looking suspicious as spam). So I took a look at them, and they were all referring to well-known websites that are "offering free redirection services". I hope this is just a bug in CNN.com and pepsi.com. Do not hit the URLs below before reading the rest of this post. Here are the URLs:
http://pepsi.com/pepsi_redirect.php?theurl=jurism%2Ecom%2Foldweb%2Ftraffic168
http://mexico.cnn.com/redirectComplete.php?url=%2F%2Fjurism%2Ecom%2Foldweb%2Ftraffic168
http://mexico.cnn.com/redirectComplete.php?url=%2F%2Ftwitmytweets%2Eit%2Etc

Open Firefox and delete all your cookies. Failure to do that will probably compromise things like your Google/Gmail account.

If you take a look at the traces, you will notice there were attempts to get some stuff from google.com. If you are logged into Gmail or other Google services, your cookies for google.com will be compromised and the intruder could fake your session, resulting in identity theft.
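As an added example (not code from the original post), this Python sketch parses the three URLs quoted above without fetching them and reports which query parameter carries an off-site destination, covering both the scheme-relative `//host` form and the scheme-less `host/path` form seen here. The function names, the `allowed` parameter and the same-host comparison are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The three URLs quoted in the post. They are only parsed here, never fetched.
SAMPLES = [
    "http://pepsi.com/pepsi_redirect.php?theurl=jurism%2Ecom%2Foldweb%2Ftraffic168",
    "http://mexico.cnn.com/redirectComplete.php?url=%2F%2Fjurism%2Ecom%2Foldweb%2Ftraffic168",
    "http://mexico.cnn.com/redirectComplete.php?url=%2F%2Ftwitmytweets%2Eit%2Etc",
]

def target_host(value):
    """Host that an already-decoded parameter value points at, or None for a local path."""
    v = value.strip().replace("\\", "/")            # browsers treat "\" like "/"
    if v.startswith("//"):                           # scheme-relative: //host/path
        return urlsplit("http:" + v).hostname
    if v.startswith("/"):                            # same-site path
        return None
    if re.match(r"[a-z][a-z0-9+.-]*://", v, re.I):   # absolute URL
        return urlsplit(v).hostname
    if "." in v.split("/", 1)[0]:                    # scheme-less host/path (heuristic)
        return urlsplit("http://" + v).hostname
    return None

def find_offsite_redirects(url, allowed=()):
    """Return [(parameter, host)] for query parameters whose value leaves the site."""
    parts = urlsplit(url)
    site = (parts.hostname or "").lower()
    hits = []
    # parse_qsl percent-decodes, so %2F%2F becomes // and %2E becomes a dot
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        host = (target_host(value) or "").lower().rstrip(".")
        if not host:
            continue
        same_site = host == site or host.endswith("." + site) or host in allowed
        if not same_site:
            hits.append((name, host))
    return hits

if __name__ == "__main__":
    for u in SAMPLES:
        print(urlsplit(u).hostname, "->", find_offsite_redirects(u))
```

The scheme-less branch is a heuristic and will also flag dotted values that are not hosts, so treat its hits as candidates for review rather than verdicts.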
