[9468] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Spoofed Yahoo web site - www.yaho.co.uk

daemon@ATHENA.MIT.EDU (Paul McGovern)
Thu Feb 11 13:22:56 1999

Date: 	Tue, 9 Feb 1999 17:49:00 -0500
Reply-To: Paul McGovern <isles@LAMER.NET>
From: Paul McGovern <isles@LAMER.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <s6bf379c.001@netware.gemini-research.co.uk>

On Mon, 8 Feb 1999, Paul Murphy wrote:

| Hi,
|
| You might like to try this one on for size, and advise whether there's
| anything nasty going on behind this site.....

Going to this site in lynx, we're given a page with the following link on
it:
                       The requested URL probably is:

                           http://www.yahoo.co.uk

however, the link behind this is actually
http://www.aae.net/typo/typolink.shtml. Following this link takes you to a
page with one main frame (which has the actual link to
http://www.yahoo.co.uk) and 14 others, which under netscape for linux are
hidden. However, of course, lynx tells us where they go :> the sites they
lead to are:

http://199.217.203.16/stats.asp?sb5553
http://www.gaytradition.com/trafficcash/trafficcash.cgi?nutzw1
http://cgi2.hotshots.net/0/nutzw1
http://adultad.hotlynxxx.com/hotapi.wsa/GIF1852
http://ad.xxxteen.com/INDEX_2632.shtml
http://ad.xxxpic.com/adult/21/INDEX_2675.shtml
http://ad.xxxteen.com/INDEX_2709.shtml
http://ad.mpgworld.com/INDEX_2661.shtml
http://ad.xxxteen.com/indexmain.shtml
http://ad.xxxpic.com/adult/21/start.htm
http://ad.mpgworld.com/start.htm

with a couple of them repeated. Under netscape for linux, it automatically
refreshed my browser to www.yahoo.co.uk but watching the status bar i
could see netscape trying to look up all of these sites so I know it was
working in the background to connect to those sites. Pretty harmless,
looks to me like someone's little scheme to generate fake 'banner clicks,'
pretty lame but more original than spamming eh? Anyway, it doesn't look
like this has anything malicious like a session watcher behind it, just
someone's idea of making a little spare cash. Of course, I could be
wrong... this is all just speculation :> Regards,

-=--=--=--=--=--=--=--=--=--=--=--=--=--=-
Paul McGovern (nyisles) - isles@lamer.net
BSBW Public Library - Technical Assistant
Administrator - redemption.bc.ca.xnet.org
Administrator - krad.fef.net
http://www.krad.org (under construction)
-=--=--=--=--=--=--=--=--=--=--=--=--=--=-
home help back first fref pref prev next nref lref last post