Educause Security Discussion mailing list archives
Re: phishing link using Google...
From: Robert Kerr <r.kerr () CRANFIELD AC UK>
Date: Wed, 30 Nov 2005 17:15:12 +0000
On Wed, 2005-11-30 at 10:04 -0500, Gary Flynn wrote:
Out of curiosity, why would someone use Google as the start point of a phishing link? Is it just so something familiar is near the front for anyone looking at it?
<a href="http://www.google.pt/url?sa=U&start=4&q=http://203.52.104.73/images/.../.pcb.peoples.com/">www.peoples.com</a>
There are a number of URI based blacklists that contain spammy and phish domains eg SURBL (www.surbl.org) and URIBL (www.uribl.com). These blacklists tend to key on the domain, so by using the google redirector they can make software checking against these blacklist see a link to google instead of one to the true destination. The use of redirects like this in junk email has become quite common since spamassassin started using SURBL. I believe future versions will also include rules for URIBL. -- Robert Kerr
Current thread:
- phishing link using Google... Gary Flynn (Nov 30)
- <Possible follow-ups>
- Re: phishing link using Google... Michael Hornung (Nov 30)
- Re: phishing link using Google... Robert Kerr (Nov 30)
- Re: phishing link using Google... A. J. Wright (Nov 30)
- Re: phishing link using Google... Jeni Li (Nov 30)
- Re: phishing link using Google... Gary Flynn (Nov 30)