December 27th, 2005, 08:57 PM
Weird/Fake Gmail Screen
donno if this goes in this section.
I am in a net cafe,Win XP,i checked my gmail and couple of google services
everything is good, but even i am logged in into my gmail account there is that page that keeps popping every 3 min after i close it,i can notice the address in the taskbar changing from www to welcome..but i can not notice the original address
so in short is there any recent Gmail vuln...how do we report this... how to find out/make sure if this is a fake log in screen or not? and trace the original address ?
(maybe i would learn a couple of things from this)
anyone having the same thing ?
this is the link that displays in the page :
and this is the source code of the page attached below ?
anything else ?
10x guys in advance
December 28th, 2005, 07:07 AM
Ok i took that File you attached and i opened it up in Notepad, i then saved the file with a .html extension.
I then went to the gmail login page
https://gmail.google.com, and i grab there source code, and i then loaded up the file that i converted into .html into the browser as well, it loaded up and the 2 pages looked identical.
So i grabbed the source code from the fake gmail.
Here is something that i noticed, well seemed a little odd to me, but i could just be being paranoid.
Fake Gmail Source Code
Can you spot the difference..
Authentic Gmail Source Code
December 28th, 2005, 07:28 PM
I came back today at the same net cafe,same pc.. checked my gmail and waited couple of minutes nothing happened...
The guy there is using DeepFreeze2000xp
and when i came back the computer looked the same, there was no history in IE...
so i think it was something from a site i visited yesterday
but i did not visit something naughty, i visited couple of sites and blogs, tried to remember as many as possible and re-visit today...nothing happened...
so guess i will drop it, and change my password and info...
thank you for ur help .:front2back:.
and i will do some search about faked screen, how to trace them blablabla..
just have to make some time and will keep u updated guys if i found something intresting
December 28th, 2005, 08:17 PM
heh deepfreeze rotf. my teacher tried that with me..didnt work to well. If our fortress pass was 2 numbers..yea not to much of an improvement.
"When in doubt, use Brute Force."
Never argue with an idiot. They'll drag you down to their level, then beat you with experience.
December 28th, 2005, 08:26 PM
aha! got the bastards....
I am about to leave... spent about 1 hr of time on the pc...the pop screen came back
the websites i re-visited :
- antionline (admit it guys.. is that u ? )
- puppy linux.org
- net2dial(got that from google add) and re-clicked on the inside links of send free sms some pop ups came (sms2sms.com) and sms2sms/shots.htm,sms2sms/pc-2-pc.htm-********usagreencard/adv.htm
a pop up window :
-http://jamalghosn.blogspot.com/2005/12/hi5-challenges.html and a link that led to
bravenet guest map :
-test window :S :S (a blank window just appears: address mercury.bravenet.com/network/jstarget.html
i visited some new pages :
f-secure.com/weblog and a link from there crackz.ws a pop up came from crackz.ws
so that is my browsing history...
chatted on msn with couple of highly trusted real life frnds, did not send/receive anything
So i think i have to do little filtering...have to use another computer to visit unique page at it
but net cafe is full :S and it is kinda late..
so i will re-test pages later...
but in the meanwhile... watchout guys.. those are the pages..
if anyone found the one.. plz do let me know...
and in that case what u usually do guys.. who can shut up a website that is generating fake log in screens and trying to steal ppls passwords ? who should the end-user contact ?
of course i won't go to the nearby police center :P ...