Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    The idea has indeed taken flight. Previously, we had encountered spam links playing around with the Google ranking system through the use of its “I’m Feeling Lucky” functionality. Now, it’s AOL search’s turn.

    The following link:

    http:// search.aol.com/%61%6F%6C/%72%65%64%69%72?%63%6C%69%
    63%6B%65%64I%74%65%6DURN=%68%74%74%70%3A//zaWlGTLKvOtgvxi
    TSLxWvcoTt%2E%6B%6F%63%6E%6F%77%61%2E%63%6F%6D

    looks like this when de-obfuscated:

    http:// search.aol.com/aol/redir?clickedItemURN=http://{BLOCKED}TLKv
    OtgvxiTSLxWvcoTt.kocnowa.com

    And in fact leads to the following site:

    spam site

    The link turns out to be taking advantage of the functionality of open redirectors. An open redirector is an application that redirects users to target Web sites automatically (without the need for verification). Redirection by itself is a useful tool for Web site admins who do not want to ‘lose their audience.’ If a user enters a URL that is predictably related (but not exactly) to the site she is looking for, the browser can redirect her to the site itself or a page in the site that can help her find some answers.

    But as we realize time and again, tools can be used for both good and bad results. This is the case with redirectors. Since the specially-crafted link starts off with http://search.aol.com while the rest of the URL is obfuscated, spammers can hope to evade spam filters. They only have to make sure that the spam site is the only site referred to in the formulated AOL search result link. This tactic, has in fact, been around for quite some time.

    Regardless of the motivation, it remains clear that anything used to mislead a user is a violation of his rights and privacy. Users should double-check the URL of the sites they are visiting time and again to make sure they do not fall victim to similar attacks.

    Information provided by Senior Threat Analyst Joey Costoya





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice