Re: Spoofed Yahoo web site - www.yaho.co.uk

From: Paul McGovern (islesat_private)
Date: Tue Feb 09 1999 - 14:49:00 PST

Next message: Juan Diego Bolanos: "Lynx /tmp problem"

Previous message: Casper Dik: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 8 Feb 1999, Paul Murphy wrote:

| Hi,
|
| You might like to try this one on for size, and advise whether there's
| anything nasty going on behind this site.....

Going to this site in lynx, we're given a page with the following link on
it:
                       The requested URL probably is:

                           http://www.yahoo.co.uk

however, the link behind this is actually
http://www.aae.net/typo/typolink.shtml. Following this link takes you to a
page with one main frame (which has the actual link to
http://www.yahoo.co.uk) and 14 others, which under netscape for linux are
hidden. However, of course, lynx tells us where they go :> the sites they
lead to are:

http://199.217.203.16/stats.asp?sb5553
http://www.gaytradition.com/trafficcash/trafficcash.cgi?nutzw1
http://cgi2.hotshots.net/0/nutzw1
http://adultad.hotlynxxx.com/hotapi.wsa/GIF1852
http://ad.xxxteen.com/INDEX_2632.shtml
http://ad.xxxpic.com/adult/21/INDEX_2675.shtml
http://ad.xxxteen.com/INDEX_2709.shtml
http://ad.mpgworld.com/INDEX_2661.shtml
http://ad.xxxteen.com/indexmain.shtml
http://ad.xxxpic.com/adult/21/start.htm
http://ad.mpgworld.com/start.htm

with a couple of them repeated. Under netscape for linux, it automatically
refreshed my browser to www.yahoo.co.uk but watching the status bar i
could see netscape trying to look up all of these sites so I know it was
working in the background to connect to those sites. Pretty harmless,
looks to me like someone's little scheme to generate fake 'banner clicks,'
pretty lame but more original than spamming eh? Anyway, it doesn't look
like this has anything malicious like a session watcher behind it, just
someone's idea of making a little spare cash. Of course, I could be
wrong... this is all just speculation :> Regards,

-=--=--=--=--=--=--=--=--=--=--=--=--=--=-
Paul McGovern (nyisles) - islesat_private
BSBW Public Library - Technical Assistant
Administrator - redemption.bc.ca.xnet.org
Administrator - krad.fef.net
http://www.krad.org (under construction)
-=--=--=--=--=--=--=--=--=--=--=--=--=--=-

Next message: Juan Diego Bolanos: "Lynx /tmp problem"
Previous message: Casper Dik: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:37 PDT