VIARoot releases a Proof of Concept on Referrer Spoofing
By Vincent A. Ménard
heptacube
2009-11-10 17:45:12

Our team recently created a new Web-based tool that uses referrer spoofing, a technique that can potentially lead to phishing, to increase traffic on specific websites. Generally speaking, phishing is a scam used to mine sensitive information out of unwary web surfers by showing them what appears to be a reputable website, but is actually a fake. Users are asked to enter sensitive information under the guise of increasing their security. Referrer phishing works in a similar way, but instead of stealing sensitive information, it is used to increase the visitor flow to a specific website.
How does Referrer Phishing work?

By pretending to refer a considerable flow of visitors to a site, referrer
phishing basically sends a site's URL to the statistics of another site.
The result is often that the site or blog owner visits the URL displayed
in his stats page, since curious site owners are interested in knowing
where their traffic is coming from.

How is it done?

For referrer phishing to be effective, several ingredients are needed. First of
all, a list of sites to crawl is needed. To get this, one would need to
either select them manually or use a spider to get a list of sites. The
Web 2.0 concept suggests that we can let others enter the sites for us.
The list of sites to crawl must not be too big, otherwise it will take too
long for the crawlers to go through all of them.

The second ingredient for referrer phishing is to have many IP addresses.
More addresses means more audience. Separation between the application
(database driven) and the crawlers is essential. A distributed crawler
system has two advantages: firstly, a large number of IP addresses often
has a bigger impact on the statistics system; secondly, the bandwidth can
be distributed over different ISPs (Internet Service Providers).

There is a close relation between the number of distributed crawlers and
the number of sites to crawl. With too many sites and not enough crawlers,
the chances of appearing on the top 5 referrers of a site's statistics are
reduced. The opposite problem can also occur: having too small a number
of sites reduces the number of site administrators you can reach.
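
Seen from the receiving site, the pattern described above (page hits from many IP addresses that all carry the same external referrer) can be triaged from the access log, because such crawlers usually request the page without loading its CSS, scripts or images. The following is an added example, not VIARoot's PoC or code from the original page; it assumes Apache/nginx combined log format, and the function name, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"')
ASSET_RE = re.compile(r'\.(css|js|png|jpe?g|gif|ico|svg|woff2?)(\?|$)', re.I)

def suspicious_referrers(lines, own_host, min_hits=3):
    """Flag external referrer hosts whose visitors never fetch any page asset."""
    asset_clients = set()        # (ip, agent) pairs that loaded CSS/JS/images
    by_ref = defaultdict(list)   # referrer host -> clients that made page hits
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue             # skip lines that are not in combined format
        ip, path, referer, agent = m.groups()
        client = (ip, agent)
        if ASSET_RE.search(path):
            asset_clients.add(client)
            continue
        host = urlparse(referer).hostname   # None for "-" (no referrer sent)
        if host and host != own_host:
            by_ref[host].append(client)
    flagged = {}
    for host, clients in by_ref.items():
        rendered = sum(1 for c in clients if c in asset_clients)
        if len(clients) >= min_hits and rendered == 0:
            flagged[host] = {"hits": len(clients),
                             "ips": len({ip for ip, _ in clients})}
    return flagged

def _line(ip, path, referer, agent="Mozilla/5.0"):
    # Build one constructed log line (not real traffic).
    return (f'{ip} - - [10/Nov/2009:17:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "{referer}" "{agent}"')

# Constructed sample: three spoofed hits from three IPs, three genuine visits.
SAMPLE = (
    [_line(ip, "/", "http://promo.example.net/")
     for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.45")]
    + [_line(ip, path, ref)
       for ip in ("192.0.2.200", "192.0.2.201", "192.0.2.202")
       for path, ref in (("/post", "http://blog.example.com/links"),
                         ("/style.css", "http://www.example.org/post"))]
)

if __name__ == "__main__":
    print(suspicious_referrers(SAMPLE, "www.example.org"))
```

This is a triage heuristic: visitors with cached assets or text-only browsers can look the same, so flagged hosts are candidates for filtering from the statistics rather than proof of spoofing.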

Web advertising use

We are at a critical time; Web publicity budgets are exploding and we
offer a new technique that allows you to reach business owners directly
without spending a dime on pay-per-click advertising. If this technique
seems to fall into an ethical gray area, think of all the unwanted emails
you receive every day. Adding these spammers' sites to a Referrer Phishing
application could be a sweet revenge.

Our new demo application is open source. Please feel free to visit the
downloads page and take a look at the PHP code.
Send your feedback to support@viaroot.com.

The VIARoot Security Team



Tags
PoC, Referer, Spoof 