[nsp-sec] Google Alerts & Social Engineering Attempts?
White, Gerard
Gerard.White at aliant.ca
Tue Sep 2 09:36:56 EDT 2008
Greetings & FYI
Not sure if this is "new" or not, but a friend gave me a heads-up on a
rather interesting
(but ugly) use of Google Alerts... A well crafted series of web sites
(or whatever) managed to initiate the generation of a very convincing
Alert that almost led this individual to:
hxxp://d.ijfobki.com/bi
Name: ijfobki.com
Address: 194.110.161.45
Aliases: d.ijfobki.com
AS | IP | AS Name
35415 | 194.110.161.45 | WEBAZILLA WebaZilla European Network
What's interesting about this ngnix/0.6.31 delivered data is that the
entire content of the site is
delivered in gzip... Including a couple of "bonus" scripts that appear
to track the Email client/service that the Google Alert was delivered to
in the first place.
Perhaps Google should consider some sort of additional technology to
watch for malicious URLs prior
to delivering Alerts under this service?
GW
855 - Bell Aliant
More information about the nsp-security
mailing list