Disguised URLs

Discussion in 'Computer Security' started by ~BD~, Aug 8, 2009.

  1. ~BD~

    ~BD~ Guest

    I've asked this question in a Microsoft group but I'm wondering if
    anyone here has a view, too.

    Here is a signature block from a post made in the groups .............

    microsoft.public.windows.inetexplorer.ie6_outlookexpress and
    microsoft.public.outlookexpress.general

    >>> --
    >>> ~Robear Dyer (PA Bear)
    >>> MS MVP-IE, Mail, Security, Windows Client - since 2002
    >>> www.banthecheck.com
    >>>



    In this signature block, www.banthecheck.com resolves to
    http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1564
    if I click on the link.

    I should be grateful if someone will explain how this is done.

    Presumably any link shown in any post could be similarly disguised
    and take 'the unsuspecting' to a fraudulent site.

    Is this a correct assumption?

    Thanks.

    --
    Dave
     
    ~BD~, Aug 8, 2009
    #1

  2. ~BD~

    Gerard Bok Guest

    On Sat, 8 Aug 2009 15:08:19 +0100, "~BD~"
    <> wrote:

    >www.banthecheck.com resolves to
    >http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1564


    >I should be grateful if someone will explain how this is done.


    http://en.wikipedia.org/wiki/HTTP_302
    and
    http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

    >Presumably any link shown in any post could be similarly disguised
    >and take 'the unsuspecting' to a fraudulent site.
    >
    > Is this a correct assumption?


    Yes, it is.
    Bottom line: don't click and be careful.

    --
    Kind regards,
    Gerard Bok
     
    Gerard Bok, Aug 8, 2009
    #2

  3. ~BD~

    ~BD~ Guest

    Gerard Bok wrote:
    > On Sat, 8 Aug 2009 15:08:19 +0100, "~BD~"
    > <> wrote:
    >
    >> www.banthecheck.com resolves to
    >> http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1564

    >
    >> I should be grateful if someone will explain how this is done.

    >
    > http://en.wikipedia.org/wiki/HTTP_302
    > and
    > http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    >
    >> Presumably any link shown in any post could be similarly disguised
    >> and take 'the unsuspecting' to a fraudulent site.
    >>
    >> Is this a correct assumption?

    >
    > Yes, it is.
    > Bottom line: don't click and be careful.



    Hello Gerard - thank you for your reply.

    I've looked at each of the links you have provided and have gleaned a
    little more knowledge but I'm really a bit out of my depth. I don't want
    to create disguised URLs myself, simply ensure that the one I
    illustrated was bona fide.

    I remembered you had once advised me before and found this thread via
    Google:-
    http://forums.speedguide.net/showthread.php?t=254235

    I never did receive a response to my final question to David H Lipman
    which said:

    Quote:

    "I've *never* spotted anyone - ever - recommending folk should post at
    Annexcafe User2User to have questions answered.

    It seems really good (superficially) - so why is it never mentioned?"

    Have others reading here ever been there or seen the site recommended?

    Thanks
    --
    Dave
     
    ~BD~, Aug 8, 2009
    #3
  4. ~BD~

    Todd H. Guest

    "~BD~" <> writes:

    > I've asked this question in a Microsoft group but I'm wondering if
    > anyone here has a view, too.


    This is actually a good security question.

    >>>> --
    >>>> ~Robear Dyer (PA Bear)
    >>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
    >>>> www.banthecheck.com
    >>>>

    >
    >
    > In this signature block, www.banthecheck.com resolves to
    > http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1564
    > if I click on the link.
    >
    >
    > I should be grateful if someone will explain how this is done.


    There are two main ways this is done.

    The server could be configured to do a 302 redirect in HTTP header
    responses to tell the browser essentially "that URL moved--go here to
    get it"

    Or, a meta redirect can be put into the returning html where an html
    meta refresh directive is included and the meta refresh takes an
    argument of where the page should be refreshed to go to.

    > Presumably any link shown in any post could be similarly disguised
    > and take 'the unsuspecting' to a fraudulent site.
    >
    > Is this a correct assumption?


    Yup.

    We'll get you surfing the web inside a throw away virtual machine in
    no time. :)

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Aug 10, 2009
    #4
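
Added example, not part of any post in this thread: a Python sketch that reads raw HTTP responses and reports where a link really leads, covering both mechanisms described above (a 3xx `Location` header and an HTML meta refresh) without rendering the page. The hosts, the `SAMPLE` responses and the `fetch` callback are constructed assumptions so the block runs offline.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _MetaRefresh(HTMLParser):
    """Collects the url= argument of <meta http-equiv="refresh">."""
    target = None
    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m and self.target is None:
                self.target = m.group(1).strip()

def redirect_target(raw, base):
    """Return (mechanism, absolute_url) for one raw HTTP response, or None."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
    if status in (301, 302, 303, 307, 308) and "location" in headers:
        return ("http-%d" % status, urljoin(base, headers["location"]))
    p = _MetaRefresh()
    p.feed(body)
    return ("meta-refresh", urljoin(base, p.target)) if p.target else None

def trace(url, fetch, limit=10):
    """Follow redirects via fetch(url) -> raw response; report each hop."""
    hops = []
    for _ in range(limit):  # hop limit guards against redirect loops
        step = redirect_target(fetch(url), url)
        if step is None:
            break
        kind, nxt = step
        # Third field is True when the hop lands on a different host.
        hops.append((kind, nxt, urlsplit(nxt).hostname != urlsplit(url).hostname))
        url = nxt
    return url, hops

# Constructed responses (not captured from any real site).
SAMPLE = {
    "http://short.example/": "HTTP/1.1 302 Found\r\nLocation: http://hop.example/go\r\n\r\n",
    "http://hop.example/go": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        '<html><head><meta http-equiv="refresh" content="0; url=/blog?entry=1"></head></html>',
    "http://hop.example/blog?entry=1": "HTTP/1.1 200 OK\r\n\r\n<html><body>final</body></html>",
}

if __name__ == "__main__":
    print(trace("http://short.example/", SAMPLE.__getitem__))
```

Each hop is reported with its mechanism and a flag for a change of host, which is the point at which the address shown in a post and the site actually reached diverge.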
  5. ~BD~

    ~BD~ Guest

    Todd H. wrote:
    > "~BD~" <> writes:
    >
    >> I've asked this question in a Microsoft group but I'm wondering if
    >> anyone here has a view, too.

    >
    > This is actually a good security question.



    Wow! What an accolade! Thanks Todd!


    >>>>> --
    >>>>> ~Robear Dyer (PA Bear)
    >>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
    >>>>> www.banthecheck.com
    >>>>>

    >>
    >>
    >> In this signature block, www.banthecheck.com resolves to
    >> http://www.bleepingcomputer.com/blogs/mowgreen/index.php?showentry=1564
    >> if I click on the link.
    >>
    >>
    >> I should be grateful if someone will explain how this is done.

    >
    > There are two main ways this is done.
    >
    > The server could be configured to do a 302 redirect in HTTP header
    > responses to tell the browser essentially "that URL moved--go here to
    > get it"
    >
    > Or, a meta redirect can be put into the returning html where an html
    > meta refresh directive is included and the meta refresh takes an
    > argument of where the page should be refreshed to go to.



    How do you know all these things? Rhetorical question! I respect your
    expertise! :)


    >> Presumably any link shown in any post could be similarly disguised
    >> and take 'the unsuspecting' to a fraudulent site.
    >>
    >> Is this a correct assumption?

    >
    > Yup.
    >
    > We'll get you surfing the web inside a throw away virtual machine in
    > no time. :)



    When I get home after this summer cruise, I'll investigate in depth how
    to do just that thing!

    Thanks for still talking to me, btw!

    Best wishes

    --
    Dave
     
    ~BD~, Aug 11, 2009
    #5
  6. ~BD~

    nemo_outis Guest

    "~BD~" <> wrote in news:h5slim$2b3$-
    september.org:

    >> We'll get you surfing the web inside a throw away virtual machine in
    >> no time. :)

    >
    >
    > When I get home after this summer cruise, I'll investigate in depth how
    > to do just that thing!


    You could just run vmware player and janusvm - it's that simple.

    Regards,
     
    nemo_outis, Aug 12, 2009
    #6
  7. ~BD~

    ~BD~ Guest

    nemo_outis wrote:
    > "~BD~" <> wrote in
    > news:h5slim$2b3$- september.org:
    >
    >>> We'll get you surfing the web inside a throw away virtual machine in
    >>> no time. :)

    >>
    >>
    >> When I get home after this summer cruise, I'll investigate in depth
    >> how to do just that thing!

    >
    > You could just run vmware player and janusvm - it's that simple.



    Many thanks!

    I've made a note and will have a look at them later.

    --
    Dave
     
    ~BD~, Aug 12, 2009
    #7
