Social Engineering Attacks Using Simple Redirections
Description:
Many sites, such as YouTube, use a simple redirect link when a user clicks on an outgoing link on their pages. In most cases this is done to understand which links are more popular and get clicked more by users. In this simple video, I show how this feature can be abused by malware authors and spammers, and for phishing. The funny thing is that this redirection vulnerability has been around for way too long, and it's tough to figure out why sites would still wanna use it.
Have a look at these 2 links which I posted on Reddit and Digg as proof of concept. The identified "site" by these websites is YouTube, but after redirection they simply land on SecurityTube.
http://www.reddit.com/r/netsec/comments/bpv5a/this_link_says_its_from_youtube_but_its_not_how/
http://digg.com/security/This_link_says_it_s_from_YouTube_But_it_s_Not
Watch the video for the demo!
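
For site owners who still want click tracking on outgoing links, here is one way to keep the redirect without leaving it open. This is an added example, not code from the video or from any site named above; the /redirect path, the q and sig parameter names, the key and the example hosts are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: a server-side secret. This value is a constructed placeholder.
SECRET = b"constructed-demo-key"


def _tag(target: str) -> str:
    """HMAC-SHA256 over the exact target URL the site decided to publish."""
    return hmac.new(SECRET, target.encode("utf-8"), hashlib.sha256).hexdigest()


def make_tracking_link(target: str) -> str:
    """Called by the site when it renders an outgoing link on its own pages."""
    return "/redirect?" + urlencode({"q": target, "sig": _tag(target)})


def open_redirect(request_url: str):
    """The weak 'before' behavior: follow whatever target the URL carries."""
    return parse_qs(urlsplit(request_url).query).get("q", [None])[0]


def resolve_redirect(request_url: str):
    """Hardened handler: return the target, or None if the request is refused."""
    params = parse_qs(urlsplit(request_url).query)
    target = params.get("q", [""])[0]
    sig = params.get("sig", [""])[0]
    parts = urlsplit(target)
    # Accept only absolute http(s) URLs; rejects javascript:, data: and empty hosts.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    # Constant-time compare on bytes; a link without a valid tag was never
    # issued by the site, so the click is not redirected (and not counted).
    if not hmac.compare_digest(sig.encode("utf-8"), _tag(target).encode("utf-8")):
        return None
    return target


if __name__ == "__main__":
    issued = make_tracking_link("https://partner.example/page")     # constructed
    handmade = "/redirect?q=https%3A%2F%2Fother.example%2F"         # constructed
    print(resolve_redirect(issued), resolve_redirect(handmade), open_redirect(handmade))
```

Click counts still work because every link the site renders goes through make_tracking_link; a link assembled by anyone else fails the signature check and is refused.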


