A few days ago in a blog entry I touched upon how search engine gamers had been able to use trusted domains and the 302 redirect trick to fool search engines into giving them higher rankings. That window of opportunity is all but closed now, but scammers still use the redirect hack to aid them in their phishing expeditions. They are able to foist their tricks on their unsuspecting victims using two main avenues consisting of spam emails and spam posts.
Suppose you receive an email with the following embedded URL:
http://www.ygdte682hdfajh1a.com/offer.htm?url=http://example.com
Would you click on this link? Most likely not, and neither would many others. You just can't tell who that weird URL belongs to, so you would skip over it. Now consider the following URLs:
http://froogle.google.com/%66%72%6F%6F%67%6C%65%5F%75%72%6C?%71=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36
http://www.aol.com/%72%65%64%69%72%2E%61%64%70?%5F%75%72%6C=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36
http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&loc=http://us.ebayobjects.com/2c;47586106;12593038;l?%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36
Notice how the URLs indicate domains from Google, AOL, and eBay. Some people may still be skeptical about clicking, but others may not be so paranoid. After all, those domains belong to highly trusted sources. The URLs contain some encoded data, but we are all accustomed to seeing long URLs on various sites, and might attribute that to strong security.
This is no trick. Those pages are indeed legitimate pages from well-known sites. But they are specially crafted pages to redirect users to other destinations. They were most likely designed to be used by their respective sites themselves and for other legitimate uses from the outside. But in this case they were hijacked to gain users' confidence prompting them to dutifully click on them. For these samples, users are safely redirected to example.com, but they could have been redirected to a wicked phishing site instead.
Phishers also post the same types of links on various online boards, article sites, or other user submission areas, and they can gain users' trust just the same. Why wouldn't these links be automatically filtered by email servers or web sites? For the same reason average users see no threat in them. Filters might block or distort links they do not recognize, but many may give these links a free pass, convinced that they are from highly trusted sites and are therefore innocuous.
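A filter does not have to trust the visible domain. The following is an added example, not code from the original post: it percent-decodes each of the sample links above and reports any absolute URL carried in the path or query whose host differs from the host the link appears to belong to. The function names are illustrative, and hosts are compared exactly rather than by registered domain.

```python
import re
from urllib.parse import urlsplit, unquote

# The four sample links quoted in the post above.
SAMPLES = [
    "http://www.ygdte682hdfajh1a.com/offer.htm?url=http://example.com",
    "http://froogle.google.com/%66%72%6F%6F%67%6C%65%5F%75%72%6C?%71=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
    "http://www.aol.com/%72%65%64%69%72%2E%61%64%70?%5F%75%72%6C=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
    "http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&loc=http://us.ebayobjects.com/2c;47586106;12593038;l?%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
]

# Lookahead so that a URL nested inside another URL is still found.
ABS_URL = re.compile(r"(?=(https?://[^\s\"'<>]+))", re.IGNORECASE)


def fully_unquote(text, max_rounds=3):
    """Percent-decode until stable, so double-encoded targets are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def embedded_hosts(link):
    """Hosts of absolute URLs carried in the path or query that differ from
    the host the link appears to belong to (exact-host comparison)."""
    outer = urlsplit(link)
    outer_host = (outer.hostname or "").lower()
    tail = fully_unquote(outer.path + "?" + outer.query)
    found = []
    for match in ABS_URL.finditer(tail):
        try:
            host = (urlsplit(match.group(1)).hostname or "").lower()
        except ValueError:
            continue  # malformed candidate, e.g. an unbalanced IPv6 bracket
        if host and host != outer_host and host not in found:
            found.append(host)
    return found


if __name__ == "__main__":
    for link in SAMPLES:
        print(urlsplit(link).hostname, "->", embedded_hosts(link) or "no off-site target")
```

A link that yields a non-empty list deserves the same scrutiny as a link pointing straight at the embedded host, whatever domain it starts with.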
Some well-known sites have started to take defensive measures to foil these types of redirect tricks, but abuse-ready redirect pages still abound. So the next time you come across these types of links in a spam email or on a site, think twice before clicking on them. They may just be the bait-and-switch kind.
Labels: hackers, http redirect, phishing, spam
Redirect Hacks and Phishing
// posted by rh
In web terms a redirect hack is an umbrella concept that refers to various strategies to redirect visitors from one web page to another. There are several legitimate reasons a site may use this technology. These are generally necessary conditions where, for example, a site has migrated to another, or a page needs to temporarily send its visitors to another location.
Try http://www.cnnfn.com/ and notice how your browser is redirected to http://money.cnn.com/. When CNNfn shut its doors it moved its operations to this new site, and used a redirect to take its faithful readers to its new abode. The same is true of Microsoft, which acquired Great Plains Software and renamed the business Microsoft Dynamics. The URL http://www.greatplains.com/ now redirects to http://www.microsoft.com/dynamics/. These types of redirects are known as 301 or permanent redirects, referring to the status code sent by a web server to a browser asking it to redirect to a new URL. The other type of redirect is known as 302 or temporary. It is used to announce a temporary relocation of a page or a site and results in the same type of redirection. The difference is mainly in how a browser or a search engine is supposed to treat the redirection.
Since temporary redirects are supposed to be, well, temporary, visiting programs are supposed to treat the original URLs as valid, like any other legit web page. For example, per the rules, a search engine should continue to keep the original URL in its index and give the page it redirects to the same weight and value as the original URL.
Soon enough, unethical search engine optimization (SEO) guys discovered this rule (or loophole) and started gaming search engines by placing links on various sites that bounced off certain URLs from well-known web sites and redirected visitors to their own sites. When search engines encountered such links, they would give the referenced sites high rankings because the links were from trusted and well-regarded sites.
Take a look at this sample URL (it still works as of this writing):
http://www.aol.com/redir.adp?_url=http://www.example.com
It appears that AOL has redirected one of its own pages to example.com. Most likely AOL uses this page for its own site, but as is, it can't stop others from using it too. In reality you can replace example.com with any page's URL and any search engine (or your browser) would be faithfully ushered there, courtesy of AOL servers. As a benefit, the search engine would bestow a high ranking on that final URL by proxy, because that page is believed to be somehow associated with AOL.
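A redirect page can keep its legitimate uses without forwarding visitors anywhere a caller asks. The sketch below is an added example, not AOL's code or code from the original post: it validates the `_url` parameter of a redir.adp-style endpoint against an allowlist before issuing the 302. The host names, the fallback path and the function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist for the site that owns the redirect endpoint.
ALLOWED_HOSTS = {"www.site.example", "shop.site.example"}
FALLBACK = "/"  # where to send the visitor when the target is rejected


def safe_redirect_target(raw, allowed=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a same-site path or an allowlisted absolute URL,
    otherwise return the fallback."""
    # Reject whitespace, control characters and backslashes up front:
    # browsers normalise them in ways a server-side parser may not.
    if not raw or any(ord(c) < 0x21 or c == "\\" for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path that starts with one slash.
        ok = raw.startswith("/") and not raw.startswith("//")
        return raw if ok else fallback
    if parts.scheme not in ("http", "https"):
        return fallback  # also catches scheme-relative //host/path
    if parts.username is not None or parts.password is not None:
        return fallback  # user@host forms disguise the real host
    host = (parts.hostname or "").lower()
    return raw if host in allowed else fallback


def redirect_response(query):
    """Build (status, Location) from the query string of a redirect request."""
    target = parse_qs(query).get("_url", [""])[0]
    return 302, safe_redirect_target(target)


if __name__ == "__main__":
    for q in ("_url=http://www.example.com", "_url=/news/today",
              "_url=https://shop.site.example/cart"):
        print(q, "->", redirect_response(q))
```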
A high ranking means more frequent appearances on or near the top of search engine results pages, which means that gamers can garner a lot of traffic on their sites for little work, and traffic translates to money. In simple cases visitors are greeted with pay-per-click or other types of ads, stock pump-and-dump schemes, or they might be scammed into buying stuff. In more insidious cases visitors might be tricked into installing spyware or malware on their computers to track their activities and annoy them with incessant popup ads, or worse, ship their private information to the bad guys waiting to wipe clean bank and trading accounts.
Fortunately major search engines have now optimized their systems to forestall redirect hacks and most gamers don't see much (if any) gain from employing this tactic. But don't count out redirect hacks just yet. A more nefarious redirect usage involving phishing is alive and well, and still thriving. More on that in the next blog entry.
redirect hack, seo, phishing, 301 redirect, 302 redirect, http redirect, search engines
Labels: http redirect, phishing, seo
Redirect Hacks and SEO
// posted by rh