
274    Chapter 5 • Communication Security: Web Based Services

e-mailed link such as www.paypal.com@%77%77%77.%61%7A.%72%75/%70%70%64,” which to the casual user appears to be a link to the PayPal Web site. However, it is really a link (an IP address in hex format) to the spoofer’s own server, which in this case was a site in Russia. The spoofer’s site was designed to look like PayPal’s site, with form fields requiring that the user enter their PayPal account information. This information was collected by the spoofer and could then be used to charge purchases to the victim’s PayPal account. This site packed a double whammy—it also ran a script that attempted to download malicious code to the user’s computer. Because URLs containing the @ symbol are no longer accepted in major browsers today, entering the URL in browsers like IE 7 produces an error. Unfortunately, this exploit allowed many people to be fooled by this method and fall victim to the site, and there is no reason why someone simply couldn’t use a link in hexadecimal format today to continue fooling users.

The best method of combating such types of attacks involves education. It is important that administrators educate users to beware of bogus URLs, and to look at the URL they are visiting in the Address bar of the browser. Most importantly, they should avoid visiting sites that they receive in e-mails, unless it is a site they are familiar with. It is always wiser to enter addresses like www.paypal.com directly into the address bar of a browser than following a link on an e-mail that is indecipherable and/or may or may not be legitimate.
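The following is an added example, not code from the book, showing how a defender (or a mail-filtering script) can take a link like the one quoted above apart the way a browser does: the text before the "@" is login information, not the host, and the percent-encoded bytes after it decode to the real server name. It uses only the Python standard library. The sample URL is constructed from the one on the page; the extra handling of whole-number and 0x-hex IP hosts (the "hexadecimal format" link the text warns about) is an assumption about that attack form, not something the page spells out.

```python
"""Show what a deceptive URL really points at (added example, not book code).

Handles the two disguises from the text: a fake domain placed in the userinfo
part before "@", and a real host hidden behind percent-encoded (hex) bytes.
As an extension, whole-number and 0x-hex IPv4 hosts are decoded as well.
"""
import socket
import struct
from urllib.parse import unquote, urlsplit

# Constructed sample built from the URL quoted on the page.
SPOOFED_URL = "www.paypal.com@%77%77%77.%61%7A.%72%75/%70%70%64"


def decode_numeric_host(host: str) -> str:
    """Turn a 32-bit decimal or 0x-hex host into dotted-quad form; else unchanged."""
    try:
        if host.lower().startswith("0x"):
            n = int(host, 16)
        elif host.isdigit():
            n = int(host, 10)
        else:
            return host
    except ValueError:
        return host
    if n > 0xFFFFFFFF:          # not a valid IPv4 address value
        return host
    return socket.inet_ntoa(struct.pack("!I", n))


def analyze_url(url: str) -> dict:
    """Split a URL the way a browser would and report the real destination."""
    # A bare "www.example.com@..." has no scheme; urlsplit would treat the whole
    # string as a path, so assume http:// as an address bar does.
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    # Everything before the last "@" is userinfo (a login name), NOT the host.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    # Drop an optional :port (bracketed IPv6 literals are left untouched).
    raw_host = hostport if hostport.startswith("[") else hostport.rsplit(":", 1)[0]
    # %77%77%77 -> "www": decode the hex bytes the user cannot read.
    decoded = unquote(raw_host).lower()
    real_host = decode_numeric_host(decoded)
    return {
        "shown_first": userinfo or real_host,   # what a casual glance reads
        "real_host": real_host,                 # where the browser connects
        "path": unquote(parts.path),
        "userinfo_trick": bool(at) and "." in userinfo,
        "encoded_host": "%" in raw_host or real_host != decoded,
    }


def is_deceptive(url: str) -> bool:
    """True if the link uses any of the disguises above."""
    info = analyze_url(url)
    return info["userinfo_trick"] or info["encoded_host"]


if __name__ == "__main__":
    for link in (SPOOFED_URL, "https://www.paypal.com/", "http://0xC0A80101/login"):
        print(link, "->", analyze_url(link))
```

For the page's URL the result is that the user "sees" www.paypal.com while the browser would connect to www.az.ru and request /ppd, which is exactly the gap that user education is meant to close; a gateway that rejects links where `is_deceptive` is true removes the need for the user to decode them at all.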


Tools & Traps…

Web Spoofing Pranks

Not all Web spoofs are malicious. In early 2007, Web sites appeared on the Internet informing visitors that Microsoft had purchased Firefox, and was going to rename the browser Microsoft Firefox 2007 Professional Edition. Two sites (www.msfirefox.com and www.msfirefox.net) appeared to be actual sites belonging to Microsoft. However, upon attempting to download a version of the browser at www.msfirefox.com, the user was redirected to Microsoft’s site to download IE 7. When attempting to download from www.msfirefox.net, a copy of Mozilla’s Firefox was downloaded.

www.syngress.com