[nsp-sec] Google Alerts & Social Engineering Attempts?
Peter Moody
pmoody at google.com
Tue Sep 2 13:10:50 EDT 2008
hey G-man,
do you have the details of the alert (the email, etc) and the query
used to generate said alert?
Cheers,
/peter
On Tue, Sep 2, 2008 at 06:36, White, Gerard <Gerard.White at aliant.ca> wrote:
> ----------- nsp-security Confidential --------
>
> Greetings & FYI
>
> Not sure if this is "new" or not, but a friend gave me a heads-up on a
> rather interesting
> (but ugly) use of Google Alerts... A well crafted series of web sites
> (or whatever) managed to initiate the generation of a very convincing
> Alert that almost led this individual to:
>
> hxxp://d.ijfobki.com/bi
>
> Name: ijfobki.com
> Address: 194.110.161.45
> Aliases: d.ijfobki.com
>
> AS | IP | AS Name
> 35415 | 194.110.161.45 | WEBAZILLA WebaZilla European Network
>
> What's interesting about this ngnix/0.6.31 delivered data is that the
> entire content of the site is
> delivered in gzip... Including a couple of "bonus" scripts that appear
> to track the Email client/service that the Google Alert was delivered to
> in the first place.
>
> Perhaps Google should consider some sort of additional technology to
> watch for malicious URLs prior
> to delivering Alerts under this service?
>
>
> GW
> 855 - Bell Aliant
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
--
Peter Moody Google 1.650.253.7306
Network Security Engineer pgp:0xC3410038
More information about the nsp-security
mailing list