10-12-2011, 02:56 AM
As first reported on the Symantec blog, Symantec software recently detected spammers abusing a security hole at large domain parking services. Symantec has consequently âautomatically blocked tens of thousands of these domainsâ.
The security hole relates to an open redirect script hosted on said parking service providers, which can be used by spammers to redirect to other sites.
How exactly did spammers exploit this security hole?
Itâs actually quite simple. Say cooking.com happens to be parked on a parking service provider with this particular security hole. The spammers send an email with text similar to the one below to people they spam:
âHello, Iâd love for you to check out what I have been cooking lately. Just click below:
http://www.cooking.com/redirect/aHR0cDov...mNvbQ==â
The aHR0cDovL3d3dy5teXNwYW13ZWJzaXRlLmNvbQ== above is actually url http://www.myspamwebsite.com base64 encoded as the said exploit requires base64 encoded urls to work.
So, the people being spammed are seeing a legitimate looking domain name like cooking.com in their emails which gives them confidence that their click will take them to a legitimate website â only to be redirected to http://www.myspamwebsite.com.
Obviously, Symantec has spam blocked a huge number of these domain names which might even end up being banned by search engines â this is quite bad. Symantec has informed the parking service providers about the security hole so hopefully the parties involved will work to fix the problem. Letâs hope Symantec will then remove the domain names from their block lists to prevent long term damage.
About Eranet
Todaynic.com International Limited(Eranet.com) was incorporated in Hong Kong in 2005, directly under Todaynic.com, Inc. which was established in 2000. As one of the first ICANN (The Internet Corporation for Assigned Names and Numbers), Verisign, HKDNR, and CNNIC (The China Internet Network Information Center) accredited registrars, Eranet is also a leading provider of services in domain name registration and web hosting.
Register domain names here
The security hole relates to an open redirect script hosted on said parking service providers, which can be used by spammers to redirect to other sites.
How exactly did spammers exploit this security hole?
Itâs actually quite simple. Say cooking.com happens to be parked on a parking service provider with this particular security hole. The spammers send an email with text similar to the one below to people they spam:
âHello, Iâd love for you to check out what I have been cooking lately. Just click below:
http://www.cooking.com/redirect/aHR0cDov...mNvbQ==â
The aHR0cDovL3d3dy5teXNwYW13ZWJzaXRlLmNvbQ== above is actually url http://www.myspamwebsite.com base64 encoded as the said exploit requires base64 encoded urls to work.
So, the people being spammed are seeing a legitimate looking domain name like cooking.com in their emails which gives them confidence that their click will take them to a legitimate website â only to be redirected to http://www.myspamwebsite.com.
Obviously, Symantec has spam blocked a huge number of these domain names which might even end up being banned by search engines â this is quite bad. Symantec has informed the parking service providers about the security hole so hopefully the parties involved will work to fix the problem. Letâs hope Symantec will then remove the domain names from their block lists to prevent long term damage.
About Eranet
Todaynic.com International Limited(Eranet.com) was incorporated in Hong Kong in 2005, directly under Todaynic.com, Inc. which was established in 2000. As one of the first ICANN (The Internet Corporation for Assigned Names and Numbers), Verisign, HKDNR, and CNNIC (The China Internet Network Information Center) accredited registrars, Eranet is also a leading provider of services in domain name registration and web hosting.
Register domain names here