I came across this seductive message, and it contains the link that I can't resist to click since it is asked by horny ladies, the link must be legitimate -
http://cux7850mdmk.blogspot.com
http://cux7850mdmk.blogspot.com
Once you click on it, that blog will bring you to another site which is -http://66.111.45.170/cams/1/
You can see below what is loaded when you go to the blog that is setup with malicious purpose -
The cut-down zoom in version -META http-equiv="refresh" content="0;URL=http://66.111.45.170/cams/1/"
I manually check http://66.111.45.170/cams, and you might enjoy the screenshot -
Lets see what is in http://66.111.45.170/cams/1/, the content location is actually at -
http://66.111.45.170/cams/1/index.htm
And the index.htm contains -
Now you should be happy to land at this page, and lets register as a member.
http://66.111.45.170/cams/1/index.htm
And the index.htm contains -
meta http-equiv="refresh" content="0; URL=http://www.xxxblackbook.com/?s=register&r=lc129795"
Now you should be happy to land at this page, and lets register as a member.
It's rather easy to get someone to click on "look legitimate" link than from the email spam these days. We see the use of meta http-equiv="refresh", and you can find the information about it here -
http://www.html-reference.com/META_httpequiv_refresh.htm
During discussion at freenode #rawpacket, my friend scholar pointed me out related information here -
http://spamtrackers.eu/wiki/index.php?title=Blogspot
Enjoy ;]
4 comments:
Nice one. Alas I can't use irc nowadays. Policy... Duh
This kind of redirection is quite old school. I remember last time when I learn up HTML during high school, I use that before.
hi ayoi,
Too bad ;(
hi surface,
Yeah, old school but works, just like iframe.
Post a Comment