[Dshield] CNN?
Ed Truitt
ed.truitt at etee2k.net
Mon Oct 15 22:22:31 GMT 2007
So, I decided that "wget is my friend". When I wgot the funny-named
html file, I got the following:
> <html lang="en">
> <head>
> <title>Messaging</title>
> <base href="http://www.access.cnn.com/pages/t.jsp">
> </head>
> <body bgcolor="white"><p>
> <ul class="error">
> <li class="error">Invalid ID: xyyabbxx_xzenozx
> </li></ul>
> <p>
>
> </body>
> </html>
When I wgot the .exe, I got... a .exe!
CNNAlerter.exe: MS-DOS executable (EXE), OS/2 or MS Windows
~Ed Truitt
M Cook wrote:
> Anyone see the mail from CNN about a desktop alerter? It offers a link
> to download it:
>
> Download it now!
> http://downloadpl.cnn.com/cnn/services/alerter/CNNAlerter.exe
>
> But if you hover over it, the link is actually
>
> http://www.access.cnn.com/xyyabbxx_xzenozx.html
>
> Now I realize this is probably innocent, probably just to implement some
> sort of tracking; but don't these folks realize it is the same strategy
> used by phishers (list one URL, hide the real one)? Why don't they just
> say "click here", or make the text match the linked URL. Wouldn't it be
> better if legitimate businesses were straightforward, so only the shady
> ones were sneaky? Plus if they want to be really helpful, they'd put it
> on an HTTPS page, so the certificate could be validated...
>
> (sorry for the rant)
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
> SANS top instructors. http://www.sans.org/info/9346
>
More information about the list
mailing list