Monday, June 27, 2011

Saturday, June 18, 2011

comment spam using CAPTCHAs to trick users

Looks like we get a new variant of Like-Jacking based on involuntary comments by tricking the user to enter a CAPTCHA

When you click on a friends link to a "funny" youtube video, the next page asks for a Youtube Security Verification


This page is acutally a facebook comment page for the spam page that asks you to enter "ha haha" into the comment fields, you can enter anything of course, but most people will try to match the CAPTCHA text.



The resulting comment entry in your own stream looks like this, due to the fact that Facebook sorts posts by relevant users and by time by default means that you will not even notice that you posted a comment unless you change to sort by date.

The following page is made up to look like youtube however it is a page created by the spammer to place a few ads and open popups, the video is started by clicking onto the broken "youtube" video.



Sunday, June 5, 2011

Bauernfängerei für Anfänger

Wenn Du schon die Besucher täuschen willst, dass es ein "eiliges" Angebot gibt, sollte möglicherweise die Uhrzeit nicht mit Sekundenangabe auf der Seite stehen.


In Javascript wird aktuelle Uhrzeit eingetragen, wie blöd muss man sein um auf sowas reinzufallen.