Geek4Eva

OWASP (Open Web Application Security Project) recently released OWASP Top 10 – 2010 rc1, their new Top Ten List of website vulnerabilities.

At number eight (8) there is a new entry – A8 – UnvalidatedRedirects and Forwards (NEW). I thought I’ll briefly talk about it as it recently happened with me.

I received the following email from a friend on Facebook (FB). When a user on FB sends an email with a link, FB prefixes the link with its own URL: http://www.facebook.com/<sometext>/<original link>

As any normal user I clicked on the link thinking what it must be.

The link redirected me to the following page:

What this page was trying to do was: it displayed the message “Content requires Adobe Flash Player 10.37…”.
If the user clicked on ‘Install’ it downloaded a “setup.exe” file.
On double-clicking it, it would have tried to infect your PC.

If you look at the page closely there are number of issues in there to help the user identify that it is a phishing page.

1. The title of the page (on top left) is spelt wrongly – YuoTube
2. User has used Facebook’s icon as the website icon
3. The link/URL is neither Facebook.com nor Youtube.com, in fact it is just an IP address
4. Message “…Contect requires Flash Player…” is itself embeded inside a flash video. As in flash is already installed and running on the page.

Hacker has tried to make the page look as similar as possible to Youtube, but it fails big time. Above are some of the quick noticable items, but this page actually nowhere close to a real Youtube page.

TIP: The best way to identify if it is a phishing site or not is by noting the domain name of the website. If the domain name does not sound familiar to the site you were supposed to be at then there is something wrong.

Related Posts

1. Phishing Example #2
2. One More Reason to Use Google Chrome
3. Clickjacking
4. Facebook Privacy Changes
5. Usability Testing