[156263] in North American Network Operators' Group


Re: HXXP browser protocol

daemon@ATHENA.MIT.EDU (Sean Harlow)
Thu Sep 13 12:40:07 2012

From: Sean Harlow <sean@seanharlow.info>
In-Reply-To: <ED78B1C68B84A14FA706D13A230D7B43195DCB02@ITS-MAIL01.campus.ad.csulb.edu>
Date: Thu, 13 Sep 2012 12:38:19 -0400
To: Matthew Black <Matthew.Black@csulb.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sep 13, 2012, at 12:34, Matthew Black wrote:

> Checking if anyone else has heard of this protocol. It seems to be a method of bypassing security filtering software.
>
> The reason I ask is that we received a security alert with a link hxxp://pastebin.com/###.
>
> Seems very suspicious and want to know if anyone can shed light. Is this a new phishing/malware methodology?


Using "hxxp" is a common method to prevent auto-linking by various email/IM clients and/or forum software to then require the user to actively copy/paste the URL to get the content.

In the case of a security alert, I could see it being used if the destination is in fact an example of an attack site to prevent someone from inadvertently clicking the link and getting infected.
---
Sean Harlow
sean@seanharlow.info
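
The "hxxp" convention described in the reply above, as an added example that is not part of the original message: a small Python helper that defangs links in alert text before it is sent and restores them for an analyst's tooling. It goes slightly beyond the thread by also bracketing dots in the host (`[.]`), another common defanging convention; the function names and the sample text are assumptions made for illustration.

```python
import re

# One pattern for live (http/https) and defanged (hxxp/hxxps) links in free text.
LINK_RE = re.compile(r"\b(h(?:tt|xx)ps?)://([^\s<>\"']+)", re.IGNORECASE)
TRAILING = ".,;:!?)"  # sentence punctuation that is not part of the URL

def _rewrite(text, to_defanged):
    def sub(m):
        scheme, rest = m.group(1).lower(), m.group(2)
        body = rest.rstrip(TRAILING)
        tail = rest[len(body):]
        host, slash, path = body.partition("/")
        host = host.replace("[.]", ".")  # normalise first so defang is idempotent
        if to_defanged:
            scheme = scheme.replace("tt", "xx")
            host = host.replace(".", "[.]")
        else:
            scheme = scheme.replace("xx", "tt")
        return f"{scheme}://{host}{slash}{path}{tail}"
    return LINK_RE.sub(sub, text)

def defang(text):
    """Rewrite http(s) links so mail/IM clients will not auto-link them."""
    return _rewrite(text, True)

def refang(text):
    """Restore hxxp(s) links to their live form for lookup in analysis tooling."""
    return _rewrite(text, False)

def defanged_links(text):
    """Return the hxxp(s) links found in text, as written, minus trailing punctuation."""
    return [m.group(0).rstrip(TRAILING) for m in LINK_RE.finditer(text)
            if m.group(1).lower().startswith("hxxp")]

# Constructed sample alert text (not from the original message).
SAMPLE = "See http://malware.example/payload.php?id=1. Mirror: hxxps://paste.example/abc"

if __name__ == "__main__":
    print(defang(SAMPLE))
    print(defanged_links(defang(SAMPLE)))
```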

