[vox-tech] one of the most pernicious spams i've ever seen.
vox-tech@lists.lugod.org
vox-tech@lists.lugod.org
Thu, 25 Sep 2003 07:24:56 -0700
On Thu 25 Sep 03, 9:49 AM, Rob Rogers <rob@wizardstower.net> said:
> On Thu, Sep 25, 2003 at 06:30:32AM -0700, p@dirac.org wrote:
> >
> > my question is -- how is this done? how does this URL:
> >
> > http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT/3/?IYTEw
> > 4eVTtbH1w6CpDrT
> >
> > bring up citibank.com's webpage and then another page with the
> > account/PIN grabber? i've never seen anything like this before.
>
> If you break down that url it looks like:
>
> www.citibank.com <- username
> : <- seperator
> ac=VybznNffNxknAUxPrfE2jYaQUptJ <- password
> @ <- at (duh)
> a3ksd.PiSeM.NeT <- servername
> /3/?IYTEw4eVTtbH1w6CpDrT <- misc crap
>
> And doing a wget on that url gives me this (comments added)
>
>
> <HTML><HEAD>
> <META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://citibank.com/us/index.htm">
>
> <title></title></HEAD>
> <BODY bgColor=#ffffff onload="window.open('welcome2.html', 'nameit',
> 'top=185,left=250,width=300,height=230,toolbar=no,location=no,scrollbars=
> no,resizable=no')">
> </BODY></HTML>
i didn't know this. so, an URL is of the form:
URL = user:password@url
where lowercase "url" is what i used to think of as being an url. and
the "user:password@" portion is optional.
pete
--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D