Unchecked redirection + URL shortener = spam = your computer becomes infected = slow running = potential for scammers to access your computer, bank accounts jeopardized, private identity jeopardized.

Source: http://www.thesecurityblog.com/2011/02/unchecked-redirection-url-shortener-spam/

Recently, I found several legitimate sites, with bad coding practices, used to redirect users to spam sites with the help of URL shorteners.

Here is how the scam works:

- The legitimate sites have a warning page for all links to external sites.
- The warning page can be used to redirect users to any domain, including spam sites and malicious pages (e.g. http://good.com/redirect?url=http://spam.com/).
- Spammers use a URL shortener like bit.ly to hide the long URL (e.g. http://bit.ly/aaaa redirects to http://good.com/redirect?url=http://spam.com/, which redirects users to http://spam.com/).
Most URL shorteners do some checks on the final URLs to prevent spammers from using their service.
By using a legitimate intermediate site, the attackers prevent URL shortening services from checking the true final destination, and therefore prevent blacklisting or blocking of the shortened link.

fmcsa.dot.gov

One example of such redirection pages is: http://www.fmcsa.dot.gov/redirect.asp?page=http://www.zscaler.com/.

Change http://www.zscaler.com/ to any URL. I've seen this page used to redirect to the rogue pharmacy canadapharm.org. The redirection is not done by the standard meta refresh tag (<meta http-equiv="refresh" content="6;url=http://www.zscaler.com/">), but by custom JavaScript. Even if the URL shortener were looking at the HTML content to figure out the final destination, it would very likely not have seen the redirection to an external domain.

XSS

In addition to being used by spammers, fmcsa.dot.gov (continue reading...)
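The two points above, as an added worked example that is not code from the Zscaler post or from this blog: the unchecked "redirect?url=" pattern next to a hardened check that only forwards to an allowlisted host or a local path, and a shortener-style resolver that honours meta refresh but never sees a redirect performed by inline JavaScript. The host names (www.example.gov, spam.example) and the two warning pages are constructed for the example and are not the fmcsa.dot.gov page.

```python
"""Open redirect and redirect discovery, in runnable form.

Part 1: the unchecked redirect endpoint pattern next to a hardened check that
only forwards to an allowlisted host or a rooted local path.
Part 2: why a shortener that inspects HTML for <meta http-equiv="refresh">
does not see a redirect done in JavaScript.
Host names and HTML below are constructed for this example.
"""
import re
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urljoin, urlsplit

# ---- 1. validating the redirect target ----------------------------------

def vulnerable_redirect(target: str) -> Optional[str]:
    """The unchecked pattern: any absolute http(s) URL is forwarded as-is."""
    return target if target.startswith(("http://", "https://")) else None


ALLOWED_HOSTS = frozenset({"www.example.gov", "example.gov"})  # hypothetical allowlist


def safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> Optional[str]:
    """Return target if it is a rooted local path or on an allowlisted host, else None."""
    # Browsers drop tabs/newlines and read '\' as '/'; normalise the same way so
    # 'http:/\spam.example' or a leading tab cannot slip past the host check.
    candidate = re.sub(r"[\t\r\n]", "", target.strip()).replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme not in ("", "http", "https"):
        return None                     # javascript:, data:, vbscript:, ...
    if parts.netloc:
        # Absolute or protocol-relative (//host). .hostname is lowercased with
        # port and userinfo removed, so 'good.gov@spam.example' is seen as
        # spam.example; reject any userinfo outright as well.
        if parts.username is not None or parts.password is not None:
            return None
        return candidate if parts.hostname in allowed_hosts else None
    if parts.scheme:
        return None                     # 'http:spam.example' is read as http://spam.example
    # Relative reference: only a single-slash-rooted path ('//x', '///x' become a host).
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return None


# ---- 2. what a shortener's content check actually sees -----------------

class MetaRefreshFinder(HTMLParser):
    """Collects the url= part of <meta http-equiv="refresh" content="N;url=..."> tags."""

    def __init__(self) -> None:
        super().__init__()
        self.targets: List[str] = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}        # attribute names arrive lowercased
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1).strip())


def meta_refresh_targets(html: str, base: str) -> List[str]:
    finder = MetaRefreshFinder()
    finder.feed(html)
    finder.close()
    return [urljoin(base, t) for t in finder.targets]


# Literal-string forms of the usual client-side redirect idioms.
JS_REDIRECT_RE = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?\blocation(?:\.href)?\s*"""
    r"""(?:=|\.replace\s*\(|\.assign\s*\()\s*['"]([^'"]+)['"]""", re.I)


def js_redirect_targets(html: str, base: str) -> List[str]:
    return [urljoin(base, t) for t in JS_REDIRECT_RE.findall(html)]


def external_only(targets: List[str], base: str) -> List[str]:
    """Keep only targets that leave the intermediate site's host."""
    own = urlsplit(base).hostname
    return [t for t in targets if urlsplit(t).hostname != own]


def shortener_view(html: str, base: str) -> List[str]:
    """A resolver that honours meta refresh but does not run scripts."""
    return external_only(meta_refresh_targets(html, base), base)


def thorough_view(html: str, base: str) -> List[str]:
    """Same, plus a scan for literal location assignments in inline script."""
    return external_only(meta_refresh_targets(html, base) + js_redirect_targets(html, base), base)


# Constructed warning pages for a hypothetical intermediate site.
BASE = "http://www.example.gov/redirect.asp?page=http://spam.example/"
META_PAGE = ('<html><head><meta http-equiv="refresh" content="6;url=http://spam.example/">'
             '</head><body>You are leaving this site.</body></html>')
JS_PAGE = ('<html><head><script type="text/javascript">'
           'setTimeout(function () { window.location = "http://spam.example/"; }, 6000);'
           '</script></head><body>You are leaving this site.</body></html>')

if __name__ == "__main__":
    print("vulnerable:", vulnerable_redirect("http://spam.example/"))
    print("hardened  :", safe_redirect("http://spam.example/"), safe_redirect("/help/leaving.asp"))
    print("meta page :", shortener_view(META_PAGE, BASE))
    print("js page   :", shortener_view(JS_PAGE, BASE), "vs", thorough_view(JS_PAGE, BASE))
```

The regex scan only catches the literal form; a destination built from a variable, decoded at runtime or copied from the query string by script defeats it just as it defeats the meta-only check, so content inspection by the shortener can never be relied on. The durable fix belongs on the intermediate site: the allowlist check in safe_redirect, or no off-site redirect parameter at all.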
Blackhat spam SEO is still very present on the web, and there have been more changes in the past few weeks than in the months before. Here are some of (continue reading...)
In January, I wrote about many high profile websites, mostly universities, that were hijacked to redirect to fake stores. Many have since been cleaned up, (continue reading...)
Double trouble – spam and malware payloads (June 18, 2010) Don’t you hate spam? It’s a nuisance, but not anything you really need to worry about, is it? I mean, it’s not like you ran an executable, you just found (continue reading...)
Don’t move – or I’ll redirect! (July 2, 2010) Search engine optimisation (SEO) techniques have received a fair amount of attention recently, thanks mostly to their use in fake AV distribution. In this blog, I (continue reading...)
Blackhat spam SEO: which sites get hijacked? (December 6, 2010) I have looked at 1,123 legitimate sites which have been hijacked to host spam pages redirecting users to a fake AV page. I'd assumed that most of them would be running (continue reading...)
Also related news:
Creating Fake Facebook Page Could Land You In Jail
Cyber Crime: Danger lurking on the internet and how to protect yourself - Experts warn against uploading personal photos ...
Obama Wants an Internet ID for Americans
Ghostmarket Carders Sentenced in UK
http://legendsintheirownminds.blogspot.com/2010/12/pagejacking-identifying-and-dealing.html