[Dshield] CNN?

Ed Truitt ed.truitt at etee2k.net
Mon Oct 15 22:22:31 GMT 2007

So, I decided that "wget is my friend".  When I wgot the funny-named 
html file, I got the following:

> <html lang="en">
>   <head>
>     <title>Messaging</title>
>     <base href="http://www.access.cnn.com/pages/t.jsp">
>   </head>
>   <body bgcolor="white"><p>
>     <ul class="error">
> <li class="error">Invalid ID: xyyabbxx_xzenozx
> </li></ul>
> <p>
>   </body>
> </html>
When I wgot the .exe, I got... a .exe!
CNNAlerter.exe: MS-DOS executable (EXE), OS/2 or MS Windows

~Ed Truitt

M Cook wrote:
> Anyone see the mail from CNN about a desktop alerter? It offers a link 
> to download it:
> Download it now! 
> http://downloadpl.cnn.com/cnn/services/alerter/CNNAlerter.exe
> But if you hover over it, the link is actually
> http://www.access.cnn.com/xyyabbxx_xzenozx.html
> Now I realize this is probably innocent, probably just to implement some 
> sort of tracking; but don't these folks realize it is the same strategy 
> used by phishers (list one URL, hide the real one)? Why don't they just 
> say "click here", or make the text match the linked URL. Wouldn't it be 
> better if legitimate businesses were straightforward, so only the shady 
> ones were sneaky? Plus if they want to be really helpful, they'd put it 
> on an HTTPS page, so the certificate could be validated...
> (sorry for the rant)
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
> SANS top instructors.  http://www.sans.org/info/9346

More information about the list mailing list