[Dshield] CNN?
Tony Earnshaw
tonni at hetnet.nl
Tue Oct 16 04:27:19 GMT 2007
M Cook wrote, on 15-10-2007 20:04:
> Anyone see the mail from CNN about a desktop alerter? It offers a link
> to download it:
>
> Download it now!
> http://downloadpl.cnn.com/cnn/services/alerter/CNNAlerter.exe
>
> But if you hover over it, the link is actually
>
> http://www.access.cnn.com/xyyabbxx_xzenozx.html
>
> Now I realize this is probably innocent, probably just to implement some
> sort of tracking; but don't these folks realize it is the same strategy
> used by phishers (list one URL, hide the real one)? Why don't they just
> say "click here", or make the text match the linked URL. Wouldn't it be
> better if legitimate businesses were straightforward, so only the shady
> ones were sneaky? Plus if they want to be really helpful, they'd put it
> on an HTTPS page, so the certificate could be validated...
I've read the whole thread up to 01:33 16th October and would just
remark the following.
I run my own Postfix MTA on my home FC6 workstation/server. I chose
Clamav running from amavisd-new as one of 2 AV scanners; Clamav has
specialized in recognizing phishing mails, signals these to amavisd-new,
which quarantines them.
For the hell of it I sometimes release these messages and inspect them, follow
the links. I've found cracked, otherwise innocent, Apache and IIS
servers redirecting to phishing sites. I'd always be very wary of
following links to services on "foreign" servers, notwithstanding that
the Norwegian web "papers" that I regularly read often redirect to
advertising or video sites in Denmark or other countries, without warning.
--Tonni
--
Tony Earnshaw
Email: tonni at hetnet dot nl
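
Added example, not part of the original thread: a check a mail filter could run on an HTML body to flag the pattern discussed above, where the visible link text names one URL and the href points to another host. The function and class names are hypothetical, and the sample body is constructed from the two URLs quoted in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# A URL-looking token in the visible link text.
URL_IN_TEXT = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)

def _host(url):
    """Lower-cased hostname of a URL; a scheme is assumed if none is given."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

class LinkAuditor(HTMLParser):
    """Collect (visible text, href) for every <a href=...> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html):
    """Links whose text shows a URL on a different host than the href."""
    auditor = LinkAuditor()
    auditor.feed(html)
    findings = []
    for text, href in auditor.links:
        shown = URL_IN_TEXT.search(text)
        if shown and _host(shown.group(0)) != _host(href):
            findings.append({"shown": shown.group(0), "actual": href})
    return findings

# Constructed sample body using the two URLs quoted in the thread.
SAMPLE = """<p>Download it now!<br>
<a href="http://www.access.cnn.com/xyyabbxx_xzenozx.html">http://downloadpl.cnn.com/cnn/services/alerter/CNNAlerter.exe</a></p>
<p><a href="http://www.cnn.com/">click here</a></p>"""

if __name__ == "__main__":
    for f in mismatched_links(SAMPLE):
        print("text shows", f["shown"], "but links to", f["actual"])
```

The comparison is on exact hostnames, so a tracking redirect on a sibling host of the same organisation is flagged just like a link to an unrelated domain; telling the two apart needs a registrable-domain comparison on top of this.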