oldschool CxC

Tuesday, February 03, 2004

Is it just me, or have email scams just stopped trying? This from a real email I received this morning:

"This_ Letter was _sent_ by the_ CitibankOnline sevrer to
veerify _your_ email_ adrress.
You musst colmtepe this poecsrs by clicking on_the link
beloww and enteering in the small window_ your Citi-Bank
Debit_ full card_nummber and pin that you_use in the Atm.
That is _done_ for your poectrtion -Z- because some of_our
_members_ no lonegr have access to their email adedrsses
and we must verify it.
To veerify _your_ email adderss and access your_ CitibankOnline
account, click on_the link beloow."

Yeah. Citibank. I'll be sure and click that link and give you all my info; let me just get my wallet. The real beauty is, of course, that I am not a Citibank customer.

SH: And that damn Penis enlarger that I ordered never came.
A: I got one supposedly from my ISP that would almost be believable if not for the misspellings. These scams are exploiting a URL-spoofing flaw that lets it look like you are clicking to a certain address but send you to another.

Patch, break, fix, hack, repeat.

(froom M$oft: A malicious user might use this URL syntax to create a hyperlink that appears to open a legitimate Web site but actually opens a deceptive (spoofed) Web site. For example, the following URL appears to open http://www.wingtiptoys.com but actually opens http://example.com:

Note In this case, Internet Explorer 6 Service Pack 1 (SP1) and Internet Explorer 6 for Microsoft Windows Server 2003 only display "http://example.com" in the Address bar. However, earlier versions of Internet Explorer display "http://www.wingtiptoys.com@example.com" in the Address bar.

Additionally, malicious users can use this URL syntax together with other methods to create a link to a deceptive (spoofed) Web site that displays the URL to a legitimate Web site in the Status bar, Address bar, and Title bar of all versions of Internet Explorer.
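
A defensive check for the URL syntax described in the Microsoft text quoted above, as an added example that is not part of the original post or its comments: it scans an HTML mail body for links whose userinfo part (the text before `@`) imitates a hostname and reports the host the link really opens. The function names and the sample mail body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Userinfo that looks like a DNS name, e.g. "www.wingtiptoys.com".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)

def inspect_url(url):
    """Return (real_host, decoy); decoy is host-like userinfo or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    user = unquote(parts.username or "").lower()
    decoy = user if HOSTLIKE.match(user) and user != host else None
    return host, decoy

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Report links whose userinfo imitates a hostname."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host, decoy = inspect_url(href)
        if decoy:
            findings.append({"text": text, "shown_as": decoy, "opens": host})
    return findings

# Constructed sample mail body (not taken from the email quoted in the post).
SAMPLE = ('<p>Click <a href="http://www.wingtiptoys.com@example.com/verify">'
          'here</a> or read <a href="http://example.com/help">help</a>.</p>')

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"'{f['text']}' looks like {f['shown_as']} but opens {f['opens']}")
```

Ordinary credentials such as `ftp://alice@example.com/` are not flagged, because the userinfo does not resemble a hostname.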

