[nsp-sec] Google Alerts & Social Engineering Attempts?

White, Gerard Gerard.White at aliant.ca
Tue Sep 2 13:58:20 EDT 2008


In this specific case, the keywords were "unb hockey".  I've forwarded
the specific Google Web Alert message to your gmail account.

If you start poking at this website, and all the related websites &
content, it has a rather suspicious nature surrounding it.  All the
scrambled domains involved appear to be using Verisign name server
resources directly.

GW

> -----Original Message-----
> From: Peter Moody [mailto:pmoody at google.com]
> Sent: Tuesday, September 02, 2008 2:41 PM
> To: White, Gerard
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Google Alerts & Social Engineering Attempts?
> 
> hey G-man,
> 
> do you have the details of the alert (the email, etc) and the query
> used to generate said alert?
> 
> Cheers,
> /peter
> 
> On Tue, Sep 2, 2008 at 06:36, White, Gerard <Gerard.White at aliant.ca> wrote:
> > ----------- nsp-security Confidential --------
> >
> > Greetings & FYI
> >
> > Not sure if this is "new" or not, but a friend gave me a heads-up on
> > a rather interesting (but ugly) use of Google Alerts...  A well
> > crafted series of web sites (or whatever) managed to initiate the
> > generation of a very convincing Alert that almost led this
> > individual to:
> >
> > hxxp://d.ijfobki.com/bi
> >
> > Name:    ijfobki.com
> > Address:  194.110.161.45
> > Aliases:  d.ijfobki.com
> >
> > AS      | IP               | AS Name
> > 35415   | 194.110.161.45   | WEBAZILLA WebaZilla European Network
> >
> > What's interesting about this nginx/0.6.31 delivered data is that
> > the entire content of the site is delivered in gzip...  Including a
> > couple of "bonus" scripts that appear to track the Email
> > client/service that the Google Alert was delivered to in the first
> > place.
> >
> > Perhaps Google should consider some sort of additional technology to
> > watch for malicious URLs prior
> > to delivering Alerts under this service?
> >
> >
> > GW
> > 855 - Bell Aliant
> >
> >
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of the
> > nsp-security community. Confidentiality is essential for effective
> > Internet security counter-measures.
> > _______________________________________________
> >
> 
> 
> 
> --
> Peter Moody Google 1.650.253.7306
> Network Security Engineer pgp:0xC3410038


