Yesterday, I talked about how the Russian Zlob gang was abusing open redirectors on the Net to seed Google with links to malware. I’d made a list of such open redirectors over the past few days, and have been contacting the owners of the redirectors explaining the problem and how to fix it.
Last night, I found an open redirector on the usa.gov site, which was being used in Google links to spread malware. I fired off an email to the usa.gov Webmaster explaining the problem. This morning I got a very nice email reply saying they’d verified the problem and fixed it; the redirector now does referrer checking and refuses to redirect for non-local requests. Checked it out, and sure enough, it was fixed.
Woot! They had a patched script up within hours. Who says the government is always slow and inefficient?
Have you gotten the Southwest Airlines $500 voucher phish yet?
I live near an airport served by Southwest, my family lives near a hub, so it is entirely possible my parents would send me one. (Of course I checked the link! Not TOTALLY stupid).
I haven’t! I’ve seen numerous copies of a Wal-Mart $200 survey phish, though, that sounds like it uses a very similar social engineering hook; it offers money or a Wal-Mart credit for filling out a survey online, then asks for the mark’s credit card number so that the survey reward can be credited to the mark’s account.
This one claimed that someone sent me a $500 voucher.
Not entirely outside the realm of possibility, but still…
Have you gotten the Southwest Airlines $500 voucher phish yet?
I live near an airport served by Southwest, my family lives near a hub, so it is entirely possible my parents would send me one. (Of course I checked the link! Not TOTALLY stupid).
I haven’t! I’ve seen numerous copies of a Wal-Mart $200 survey phish, though, that sounds like it uses a very similar social engineering hook; it offers money or a Wal-Mart credit for filling out a survey online, then asks for the mark’s credit card number so that the survey reward can be credited to the mark’s account.
This one claimed that someone sent me a $500 voucher.
Not entirely outside the realm of possibility, but still…
You rock, Franklin!!!
*HUGS*
You rock, Franklin!!!
*HUGS*
I wrote the UW system admin webmaster with a link to your post. No word yet.
I wrote the UW system admin webmaster with a link to your post. No word yet.
Well, I’ll argue that it’s inefficient to wait for some guy in FL(?) to find the problem and provide a fix 😉
Seriously, I’d hope a form letter with a quick synopsis would get 99% of these fixed within a day.
Well, I’ll argue that it’s inefficient to wait for some guy in FL(?) to find the problem and provide a fix 😉
Seriously, I’d hope a form letter with a quick synopsis would get 99% of these fixed within a day.
“Woot! They had a patched script up within hours. Who says the government is always slow and inefficient?”
Didn’t you mention that it was faster to fix than the time it takes to explain what an open redirector is?
“Woot! They had a patched script up within hours. Who says the government is always slow and inefficient?”
Didn’t you mention that it was faster to fix than the time it takes to explain what an open redirector is?
Thank you for making the world wide web safer for those who don’t know better. Thank you for making my job easier. 🙂 Less malware = more time to do constructive work things.
Thank you for making the world wide web safer for those who don’t know better. Thank you for making my job easier. 🙂 Less malware = more time to do constructive work things.
You do very cool work here, and it’s good to see at least some webmasters actually respect it and fix the problems promptly and politely 🙂
You do very cool work here, and it’s good to see at least some webmasters actually respect it and fix the problems promptly and politely 🙂
Seems to me that the German colsolate also has the redirector issue. A coworker was going on line to apply for a visa to travel there, and he had to call them about not being able to get to the page for 3 days. They gave him the appropreate link, but his computer (which I am working on right now) is totally screwed! Hellzlittlespy keylogger and a wonderful collection of other little brats that joined it. Not every day you get the windows login (the good ol ‘hit Ctrl-Alt-Del to log in’) ontop of a Windows Desktop! I’m thinking I’m not going to waste my time, back up the files and blow the drive out.
Seems to me that the German colsolate also has the redirector issue. A coworker was going on line to apply for a visa to travel there, and he had to call them about not being able to get to the page for 3 days. They gave him the appropreate link, but his computer (which I am working on right now) is totally screwed! Hellzlittlespy keylogger and a wonderful collection of other little brats that joined it. Not every day you get the windows login (the good ol ‘hit Ctrl-Alt-Del to log in’) ontop of a Windows Desktop! I’m thinking I’m not going to waste my time, back up the files and blow the drive out.