On Sep 13, 2012, at 12:34, Matthew Black wrote: > Checking if anyone else has heard of this protocol. It seems to be a method > of bypassing security filtering software. > > The reason I ask is that we received a security alert with a link > hxxp://pastebin.com/###. > > Seems very suspicious and want to know if anyone can shed light. Is this a > new phishing/malware methodology?
Using "hxxp" is a common method to prevent auto-linking by various email/IM clients and/or forum software to then require the user to actively copy/paste the URL to get the content. In the case of a security alert, I could see it being used if the destination is in fact an example of an attack site to prevent someone from inadvertently clicking the link and getting infected. --- Sean Harlow [email protected]
