Topic: Beware of Clicking the Web Translator Hyperlink

Pez

Beware of Clicking the Web Translator Hyperlink
« on: 04. April 2013., 12:52:09 »
Beware of Clicking the Web Translator Hyperlink

Foreign languages are no longer as difficult to understand as they once were, thanks to improvements in web translation services, which instantly translate words and web pages. The website translator plug-in can expand your global world with an amazing and effortless approach by automatically recognizing foreign-language identifiers. Website translators require JavaScript to be enabled to run. The command usually follows this form:

• http://<web translate service provider domain >/translate?u=<website or link that you want to restate in your favorite language>

McAfee Labs Messaging Security recently observed a spam trait based around an Internet web translator application. Spammers never rely on just one strategy. We recently saw that these translator web services are exclusively marketed by cybercriminals who are using redirection techniques that employ URL shorteners to disguise the destination links. We observed the following URL prototypes during our investigation:

• http://<web translate service provider domain >/translate?u=< some shorten URI Domain>/4cj0?/

• http:// <web translate service provider domain >/translate?u=< some shorten URI Domain>/Yi9Gsi?/

• http:// <web translate service provider domain >/translate?u=< some shorten URI Domain>/wqEZs?/

• http:// <web translate service provider domain >/translate?u=< some shorten URI Domain>/kK17V?/

• http:// <web translate service provider domain >/translate?u=< some shorten URI Domain>/4cj4?/crowded answer.htm&hl=en

Because online web translators are very effective and powerful tools, spammers have targeted and spoofed these application links to bypass spam filters and get their victims to click the links.

In the past, security experts have come across incidences of spammers who employed URI shorteners to avoid domain blacklists. Now spammers have pioneered spamming with web translator links similar to the shortened URI sites. We have seen this campaign used especially for pharmacy spam using the following subject lines:

Subject-Line Examples

• If your wife in bed resembles a log apply pure magic of pharmacy!

• When sexual problems suddenly come into your life you’d better be prepared to meet it!

• Autumn is the season of giant savings all over the world! Boost your health

• One tiny pill can make your erection ten times harder. See the difference!

• Doctors didn’t help me restore my sexual activity and health. But Tibetan monks did!

We have found that all the samples come from free-account web mailers with various accounts linked with them. Spammers spoofed and used web email accounts to send their messages.

“From” Header Examples

• Angie De La Riva <hubcap.betty@<web mailer  domain>>

• yoko <yokobedoko@<web mailer  domain>>

• Rainforest La <mssubmit63@<web mailer  domain>>

• wutupbatch26@<web mailer  domain>

• Nkateko Siwele <nkateko108@<web mailer  domain>>

Spammers usually just crowd some spammed links using shortening services that redirect victims to a phishing pharmacy website. Once the user clicks on a spoofed URL, a query appears that is mapped to some other bogus-link location on a web-translation service provider domain search box. That link redirects to the pharmacy spam site. The following image shows the view after the connection to a redirected website:



Final Redirect

The translator engine tries to translate this website but cannot because the inserted fake link redirects the victim to a forged pharmacy site:



Email Sample

Most samples come with a single hyperlink and some spam content in the text body and subject lines. In this campaign, spammers pick the translator service to make it tricky for antispam companies to filter or become aware of this latent spam. Spammers target the recipients with emails designed to tickle their curiosity.



As always, we advise users to follow best practices to avoid any targeted fraud/spam/phishing harassment.

• Do not open or click any links in emails from unknown persons

• Ignore unsolicited requests for sensitive personal information

• Regularly update your security software, such as McAfee Email & Web security product

• Don’t open any suspicious attachments in emails from unknown persons


Original article: Wednesday, April 3, 2013 at 9:16am by Kamalesh Singh
There are two easy ways to configure a system!
Everything open and everything closed.
Everything else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475
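
A filter-side check for the URL shape described in the post above, added here as an example (it is not part of the original post or the McAfee article): it unwraps the translator's `u=` parameter so the hidden host can be checked against blocklists as well as the outer translator domain. The host names and the `MAX_DEPTH` limit are constructed placeholders, since the article redacts the real domains.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed placeholder hosts: the article redacts the real domains.
TRANSLATOR_HOSTS = {"translate.example"}
SHORTENER_HOSTS = {"short.example", "tiny.example"}
MAX_DEPTH = 5  # assumed limit; stops deliberately deep nesting
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def _split(url):
    # The article's samples carry the inner link without a scheme.
    return urlsplit(url if _SCHEME.match(url) else "http://" + url)

def unwrap(url):
    """Return [outer, inner, ...] by following translator 'u=' parameters."""
    chain = [url]
    while len(chain) <= MAX_DEPTH:
        parts = _split(chain[-1])
        wrapped = ((parts.hostname or "").lower() in TRANSLATOR_HOSTS
                   and parts.path.rstrip("/").endswith("/translate"))
        inner = parse_qs(parts.query).get("u", [""])[0].strip()
        if not (wrapped and inner):
            break
        chain.append(inner)
    return chain

def hosts_to_check(url):
    """Every host in the chain, so blocklists see the hidden one too."""
    return [(_split(u).hostname or "").lower() for u in unwrap(url)]

def classify(url):
    hosts = hosts_to_check(url)
    if len(hosts) == 1:
        return "plain"
    if hosts[-1] in SHORTENER_HOSTS:
        return "translator-wrapped-shortener"
    return "translator-wrapped"

# Constructed samples shaped like the URL prototypes in the article.
SAMPLES = [
    "http://translate.example/translate?u=short.example/4cj0?/",
    "http://translate.example/translate?u=short.example/4cj4?/answer.htm&hl=en",
    "http://translate.example/translate?u=https%3A%2F%2Fnews.example%2Fstory",
    "http://news.example/story",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), hosts_to_check(s))
```

In a mail filter, each host returned by `hosts_to_check` would go through the same blocklist and reputation checks that are applied to directly linked domains.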


Samker

Re: Beware of Clicking the Web Translator Hyperlink
« Reply #1 on: 04. April 2013., 18:55:26 »
...

Because online web translators are very effective and powerful tools, spammers have targeted and spoofed these application links to bypass spam filters and get their victims to click the links.

In the past, security experts have come across incidences of spammers who employed URI shorteners to avoid domain blacklists. Now spammers have pioneered spamming with web translator links similar to the shortened URI sites. We have seen this campaign used especially for pharmacy spam using the following subject lines:

...


This is something new (at least for me), I'll have to study well this scheme...  :police:

Thanks P.

Pez

Re: Beware of Clicking the Web Translator Hyperlink
« Reply #2 on: 05. April 2013., 10:26:56 »
Here is one method to use to hack a Facebook account.

http://www.youtube.com/watch?v=zBZrynmd7cU

Samker

Re: Beware of Clicking the Web Translator Hyperlink
« Reply #3 on: 05. April 2013., 19:53:22 »
Here is one method to use to hack a Facebook account.

http://www.youtube.com/watch?v=zBZrynmd7cU

This method (Phishing: http://en.wikipedia.org/wiki/Phishing ) is well known and unfortunately still very successful. :(

I recommend this video to all SCF members!
  :thumbsup:

jheysen

Re: Beware of Clicking the Web Translator Hyperlink
« Reply #4 on: 06. April 2013., 01:48:10 »
There are others.. like catching the Session ID on Insecure Wifi networks...
