Lax website setup could be used to trick the unwary.
Popular professional networking system
LinkedIn
has been allowing free redirects from its website, providing spammers and phishers with a way of providing links which appear to lead to the contact system but instead take victims to malicious or deceptive sites.
The practice of using genuine websites to establish user trust is common among cyber criminals, as shown by a
recent example
of spams using
Google
advanced searches to get past spam filters and lend an air of legitimacy to advertising links. The flaw in the design of the
LinkedIn
site, still active at the time of writing, is much simpler, allowing links to be created leading to the genuine site, which then simply redirects to another site included in the link.
Comment on the practice of allowing open links from
ESET
‘s Randy Abrams is
here
.
Posted on 08 November 2007 by
Virus Bulletin
Leave a Reply