Phishing & BotNets
yahoo redirect phish Mar 12 2006 11:34PM
Lance James (bugtraq securescience net)
http://rds.yahoo.com/S=44831148:D1/CS=44831148/SS=44831166/SIG=11v8331g7
/*http:/61.9.99.62/.bin-cgi/webscr_cmd=_login-run/

This was demonstrated in the November publishing of Phishing Exposed as
well:

http://searchopensource.techtarget.com/searchEnterpriseLinux/downloads/3
35_PH_EXP_05.pdf

More examples of how phishers will employ yahoo are:

Sign-in:
http://login.yahoo.com/config/login?.page=p1&.partner=&.intl=us&.done=ht
tp%3a%2f%2fwww.securescience.net%2findex.html&.src=my

Arbitrary landing page (just substitute securescience site with error
yahoo login page)

My Photos:
http://login.yahoo.com/config/login?.src=ph&.done=http%3a//www.securesci
ence.net&.intl=us

Anyway - tons more including cross-site scripting.

Yahoo needs to get in gear and stop lending a hand to phishers.

-Lance

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus