  1. #1
    jscher2000 (Super Moderator)

    New style of phishing: Google Search URLs

    A pretty obvious phishing message was in my junk folder. When I moused over the URLs, they took an unfamiliar form:

    http://www.google.com/url?sa=U&start=4&q=h...coop/update.php

    Changing the usual value of the sa parameter to U causes Google to redirect the browser to the URL listed in the q parameter. It does this invisibly by returning HTTP Status Code 302, indicating that the page has been moved temporarily, and then supplies the location specified in the query, which the browser dutifully loads. You can try it here:

    http://www.google.com/url?sa=U&q=http://ww...t/wwwthreads.pl

    I'm not sure of the intended (legitimate) use of this parameter value, but I think perhaps Google might want to consider blocking it so that people don't mistake a phishing attempt for a search. Assuming they look at URLs before clicking them...
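
Added example, not part of the original post: a Python check a mail filter could run over the links in a message to spot the `sa=U` redirect form described above and report the host the browser would actually load. The function names, the `GOOGLE_HOSTS` set and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Hosts treated as the redirector (assumption; extend as needed).
GOOGLE_HOSTS = {"google.com", "www.google.com"}


def redirect_target(url):
    """Return the destination carried by a Google /url?sa=U&q=... link, else None."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or host not in GOOGLE_HOSTS:
        return None
    if parts.path.rstrip("/") != "/url":
        return None
    params = parse_qs(parts.query)  # also percent-decodes the values
    if "U" not in params.get("sa", []):
        return None
    for q in params.get("q", []):
        dest = urlsplit(q)
        if dest.scheme in ("http", "https") and dest.hostname:
            return q
    return None


def flag_links(urls):
    """Return (link, real_host) for links that show Google but land elsewhere."""
    findings = []
    for url in urls:
        target = redirect_target(url)
        if target is None:
            continue
        real_host = urlsplit(target).hostname.lower()
        if real_host not in GOOGLE_HOSTS:
            findings.append((url, real_host))
    return findings


# Constructed sample links, not taken from the post (example.test is not a real site).
SAMPLE_LINKS = [
    "http://www.google.com/url?sa=U&start=4&q=http://login.example.test/update.php",
    "http://www.google.com/url?sa=U&q=http%3A%2F%2Fforum.example.test%2Fthreads.pl",
    "http://www.google.com/search?q=http://login.example.test/update.php",  # plain search
    "http://www.google.com/url?sa=X&q=http://login.example.test/update.php",  # other sa value
    "http://www.google.com.example.test/url?sa=U&q=http://a.example.test/",  # not a Google host
]

if __name__ == "__main__":
    for link, host in flag_links(SAMPLE_LINKS):
        print(f"{host} <- {link}")
```

Only the first two sample links are reported; the ordinary search URL, the link with a different `sa` value and the lookalike host fall outside the pattern this check covers.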

  2. #2
    4 Star Lounger

    Re: New style of phishing: Google Search URLs

    GREAT INSIGHT - THANKS ! ! !
    Scott
