Monday, June 09, 2008

MSN IM -> Blogspot -> Pr0ning

I came across this seductive message, and it contains the link that I can't resist to click since it is asked by horny ladies, the link must be legitimate -

Once you click on it, that blog will bring you to another site which is -

You can see below what is loaded when you go to the blog that is setup with malicious purpose -

The cut-down zoom in version -

META http-equiv="refresh" content="0;URL="

I manually check, and you might enjoy the screenshot -

Lets see what is in, the content location is actually at -

And the index.htm contains -

meta http-equiv="refresh" content="0; URL="

Now you should be happy to land at this page, and lets register as a member.

It's rather easy to get someone to click on "look legitimate" link than from the email spam these days. We see the use of meta http-equiv="refresh", and you can find the information about it here -

During discussion at freenode #rawpacket, my friend scholar pointed me out related information here -

Enjoy ;]


ayoi said...

Nice one. Alas I can't use irc nowadays. Policy... Duh

surface said...

This kind of redirection is quite old school. I remember last time when I learn up HTML during high school, I use that before.

C.S.Lee(geek00L) said...

hi ayoi,

Too bad ;(

hi surface,

Yeah, old school but works, just like iframe.

Anonymous said...
This comment has been removed by a blog administrator.