Tuesday, August 22, 2006

Google Redirection Hole used for Phishing

It's official. Google's redirection hole, formerly used for spam, is currently an excellent tool in the hands of phishers.

Why is this bad? Because 99% of Internet users trust google and when they see a link starting with "www.google.com" they think it's part of google or a site google knows about and has included it in its structure. WRONG!

What do I mean? Check this out...


This url (one line) starts with one of the most recognizable domains in the world but what comes next? An unverified IP address and after that the words "signin" and "ebay". Just for testing, try opening it with your browser. It's safe from javascript and stuff. It's just an example. Or try this: append a url of your choice next to "url?q=" and paste the entire thing in your browser. WoW.

This is a huge hole. Anyone can have google as his referrer to a malicious site. Just for the sake of it try entering the link from above (if you haven't done already). And open another tab in your browser with the real signin page from ebay.com. Can you tell the difference? An experienced (or suspicious) user might notice there is no SSL established in the fake page but that's something most victims don't even know about.

Oh and by the way this issue has been known for over six months :P

No comments: