[X Newbies] Vicious Spam

Bruce Klutchko klutch at erols.com
Mon Jan 26 12:23:54 PST 2004


On 1/26/04 1:35 PM, "Vincent Cayenne" <vcayenne at mac.com> wrote:

> At 11:55 AM -0600 1/26/04, Michael Winter wrote:
>>> <http://www.fdic.gov@211.191.224.108:3180/index.htm>
>> 
>> See the @211.191.224.108? The "@" means the numerical IP address is
>> the one being used, and anything in front of that is simply data
>> being sent along for the ride.
> 
> Actually, for protected areas of a site requiring login, a legitimate
> URL construct is http://username:password@actual.site.address, so web
> servers "see" the URL we're looking at a little differently from the
> way many would suspect. The http:// is standard, then the entire bit
> before the @ would be passed as a login and the stuff between the @
> and the : is the site address. After the second : comes the port on
> that machine that's being accessed - usually it is port 80 and does
> not have to be specified as that's the default but they're running
> their server on 3180 instead. The rest is the specific document on
> that server that is being retrieved for display by the browser.
> 
>> That's how some sites determine who "refers" the browser to them
>> (mostly used for ads). In this case though, it's simply being used to
>> obfuscate the actual address.
> 
> Yes, they're using a valid URL construct that is obscure to many
> people so that even if recipients go beyond the underlined URL in
> their HTML mail display and actually look at the real address, many
> might look no further than the portion before the @ and that portion
> has nothing to do with the destination.

You should see the site the URL leads to. It is stolen so well from the
FDIC that it links to the real FDIC site in many respects and greatly
resembles the real FDIC site.

-- 
Bruce
____________________________________________________
B R U C E  K.   klutch-at-erols.com
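As an added example (not code from the thread), the following Python splits a URL the way Vincent describes, using the URL quoted above, and flags the pattern the spam relies on: a userinfo part that reads like a hostname, sitting in front of a bare-IP host on a non-default port. The benign login URL is constructed here for comparison.

```python
import re
from urllib.parse import urlsplit

# URL quoted in the thread above, kept as-is.
PHISH_URL = "http://www.fdic.gov@211.191.224.108:3180/index.htm"

# Constructed, legitimate use of the same username:password@host construct.
BENIGN_URL = "http://alice:s3cret@intranet.example/reports/"

HOSTNAME_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
DEFAULT_PORT = {"http": 80, "https": 443}


def dissect(url):
    """Split a URL the way the browser and server do, not the way a
    hurried reader does: everything before '@' is userinfo, the host is
    what follows it, ':' introduces the port, and the rest is the path."""
    parts = urlsplit(url)
    port = parts.port if parts.port is not None else DEFAULT_PORT.get(parts.scheme)
    return {
        "scheme": parts.scheme,
        "username": parts.username,   # text a reader may mistake for the site
        "password": parts.password,
        "host": parts.hostname,       # where the request actually goes
        "port": port,
        "path": parts.path,
    }


def deceptive_userinfo(url):
    """Return the reasons a URL looks built to mislead; empty means clean."""
    d = dissect(url)
    reasons = []
    if d["username"] is None:
        return reasons                # no userinfo at all, nothing to disguise
    if HOSTNAME_LIKE.match(d["username"]):
        reasons.append("userinfo reads like a hostname: %r" % d["username"])
    if d["host"] and IPV4.match(d["host"]):
        reasons.append("real destination is a bare IP: %s" % d["host"])
    if d["port"] not in (80, 443):
        reasons.append("non-default port %s" % d["port"])
    return reasons


if __name__ == "__main__":
    for u in (PHISH_URL, BENIGN_URL):
        print(u, "->", dissect(u)["host"], deceptive_userinfo(u))
```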