You won 100$ or a free iPad!

Published: 2011-12-12. Last Updated: 2011-12-12 23:21:39 UTC
by Daniel Wesemann (Version: 3)
2 comment(s)

Earlier today, SANS ISC reader Matthew reported one of his users stumbling over an odd "Click here to win your prize" page. We are still investigating the full contents, but it looks like several misspellings of wikipedia are used in this scam, in addition to many other domains.

wikipeida-org, wikepedia-org, wictionary-org, wikpedia-com, wikispaces-cm are all domains with a typo that redirect visitors to a "you won a prize" page. The result currently looks like the screenshot below

 

Clicking through leads to another page, where to claim the prize lots of personal information must be entered. They even have a "Privacy Policy" of sorts in the fine print, and it even seems to be unexpectedly honest:

(a) PERSONAL INFORMATION. We will share any and all personal information you submit to our Company with third parties who may have products or services you will find of interest. We will share your information without your additional consent. We may also use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site. We may also use your contact information to inform you of any changes to the Site, or to send you additional information about us. If you give your permission during the account registration process, we may share your information with our business partners or other companies so that they may send you promotional materials. By giving your permission during the account registration process, you expressly consent to receive such promotional materials from us and/or our business partners or other companies via various media channels, which includes, but is not limited to, SMS messaging (standard carrier text messaging charges will apply).


Be careful what you wish for .. this free iPad comes with plenty strings attached!

 

Update: Other prominent typo domains affected include youtrube-com, youotube-com, youzube-com. RUS-CERT's passive DNS has a long list of domains pointing to the same IP: http://www.bfk.de/bfk_dnslogger.html?query=69.6.27.100#result

Keywords: advertising scam
2 comment(s)

Java 6u30 released

Published: 2011-12-12. Last Updated: 2011-12-12 20:59:11 UTC
by Daniel Wesemann (Version: 1)
2 comment(s)

Oracle have released Java 6 Update 30 (6u30) today. The fixes are mostly of functional nature. As far as we can tell from the release notes, no gaping security craters had to be leveled out this time .. for a change. Two security related fixes are still noteworthy for developers, one affects the use of SSL (TLS_DH_anon_WITH_AES_128_CBC_SHA), the other is about the use of secure cookies in HTTPS when the applet gets invoked via JavaScript. The full release information and list of fixes are available on Oracle's web site.

 

Keywords: java
2 comment(s)

Comments


Diary Archives