
Thread: Weird/Fake Gmail Screen

  1. #1
    Senior Member, Join Date: Sep 2004, Posts: 117

    Weird/Fake Gmail Screen

    Hi, guys.
    Dunno if this goes in this section.

    I am in a net cafe, Win XP. I checked my Gmail and a couple of Google services,
    everything is good, but even though I am logged in to my Gmail account there is that page that keeps popping up every 3 min after I close it. I can notice the address in the taskbar changing from www to welcome... but I cannot notice the original address.

    So in short, is there any recent Gmail vuln... how do we report this... how to find out/make sure if this is a fake login screen or not? And trace the original address?
    (Maybe I would learn a couple of things from this.)

    Anyone having the same thing?

    This is the link that displays in the page:

    https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fnotifier%2Ftest%3F%26TYPE%3Dhtml%26DOMAIN%3D%26ui%3Dhtml%26zy%3Dl

    And this is the source code of the page, attached below.
    Anything else?

    Thanks in advance, guys.

  2. #2
    OK, I took that file you attached and opened it up in Notepad, then saved the file with a .html extension.
    I then went to the Gmail login page,
    https://gmail.google.com, and grabbed their source code. I then loaded the file that I converted into .html into the browser as well; it loaded up and the 2 pages looked identical.
    So I grabbed the source code from the fake Gmail.
    Here is something that I noticed; well, it seemed a little odd to me, but I could just be being paranoid.

    Code:
    Fake Gmail Source Code

    href="ForgotPasswd?continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fnotifier%2Ftest%3F%26TYPE%3Dhtml%26DOMAIN%3D%26ui%3Dhtml%26zy%3Dl&service=mail"

    Code:
    Authentic Gmail Source Code

    href="ForgotPasswd?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&service=mail"

    Can you spot the difference?
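
As an added example (not part of the original thread), the comparison post #2 makes by eye can be done by decoding the `continue` parameter of both links and diffing its parts. The strings are copied from the thread; the function names are illustrative. The `continue` value only names where the browser is sent after login, so the sketch also reports the scheme and host the pop-up page itself was loaded from.

```python
from urllib.parse import urlsplit, parse_qs

# Strings copied from the thread: the two ForgotPasswd links in post #2
# (wrapped lines rejoined) and the pop-up's address from post #1.
SUSPECT_HREF = ("ForgotPasswd?continue=http%3A%2F%2Fmail.google.com%2Fmail%2F"
                "notifier%2Ftest%3F%26TYPE%3Dhtml%26DOMAIN%3D%26ui%3Dhtml%26zy%3Dl"
                "&service=mail")
REFERENCE_HREF = ("ForgotPasswd?continue=https%3A%2F%2Fmail.google.com%2Fmail%2F"
                  "%3Fui%3Dhtml%26zy%3Dl&service=mail")
POPUP_URL = ("https://www.google.com/accounts/ServiceLogin?service=mail"
             "&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com"
             "%2Fmail%2Fnotifier%2Ftest%3F%26TYPE%3Dhtml%26DOMAIN%3D%26ui%3Dhtml"
             "%26zy%3Dl")

def continue_target(url):
    """Decode the `continue` parameter and split it into comparable parts."""
    values = parse_qs(urlsplit(url).query).get("continue", [])
    if len(values) != 1:
        raise ValueError("expected exactly one continue parameter")
    inner = urlsplit(values[0])
    return {
        "scheme": inner.scheme,
        "host": inner.hostname or "",
        "path": inner.path,
        "params": parse_qs(inner.query, keep_blank_values=True),
    }

def diff_targets(suspect, reference):
    """Fields where the suspect redirect target differs from the reference."""
    a, b = continue_target(suspect), continue_target(reference)
    changes = {f: (a[f], b[f]) for f in ("scheme", "host", "path") if a[f] != b[f]}
    extra = sorted(set(a["params"]) - set(b["params"]))
    if extra:
        changes["extra_params"] = extra
    return changes

def page_origin(url):
    """Scheme and host the page was loaded from (empty for a relative link)."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname or ""

if __name__ == "__main__":
    for field, value in diff_targets(SUSPECT_HREF, REFERENCE_HREF).items():
        print(field, value)
    print("pop-up loaded from:", page_origin(POPUP_URL))
```
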

  3. #3
    Senior Member, Join Date: Sep 2004, Posts: 117
    I came back today to the same net cafe, same PC... checked my Gmail and waited a couple of minutes, nothing happened...

    The guy there is using DeepFreeze2000xp,
    and when I came back the computer looked the same, there was no history in IE...
    So I think it was something from a site I visited yesterday,
    but I did not visit anything naughty. I visited a couple of sites and blogs, tried to remember as many as possible and revisit them today... nothing happened...
    So I guess I will drop it, and change my password and info...

    Thank you for your help, .:front2back:.

    And I will do some searching about faked screens, how to trace them, blah blah blah...
    Just have to make some time, and I will keep you guys updated if I find something interesting.

  4. #4
    BIOS Bomber, Join Date: Jul 2003, Location: Michigan, Posts: 357
    Heh, DeepFreeze, rotf. My teacher tried that with me... didn't work too well. If our fortress pass was 2 numbers... yeah, not too much of an improvement.
    "When in doubt, use Brute Force."

    Never argue with an idiot. They'll drag you down to their level, then beat you with experience.

  5. #5
    Senior Member, Join Date: Sep 2004, Posts: 117
    Aha! Got the bastards...

    I am about to leave... spent about 1 hr on the PC... the pop-up screen came back.

    The websites I revisited:
    - gmail
    - antionline (admit it guys... is that you?)
    - www.google.com/adsense
    - www.blogger.com
    - hotmail

    - astalavista.com
    - puppy linux.org
    - linuxgazette.com

    - net2dial (got that from a Google ad), and re-clicked on the inside links of "send free sms"; some pop-ups came (sms2sms.com) and sms2sms/shots.htm,sms2sms/pc-2-pc.htm-********usagreencard/adv.htm
    a pop-up window:
    http://amch.questionmarket.com/adscg...&secs_up=36000


    - http://jamalghosn.blogspot.com/2005/12/hi5-challenges.html and a link that led to
    bravenet guest map:
    http://pub42.bravenet.com/guestmap/s...om=0&welcome=1
    - test window :S :S (a blank window just appears; address: mercury.bravenet.com/network/jstarget.html)


    I visited some new pages:
    f-secure.com/weblog and a link from there, crackz.ws; a pop-up came from crackz.ws

    So that is my browsing history...
    Chatted on MSN with a couple of highly trusted real-life friends, did not send/receive anything.

    So I think I have to do a little filtering... have to use another computer to visit unique pages on it,
    but the net cafe is full :S and it is kinda late...
    So I will re-test the pages later...
    But in the meanwhile... watch out, guys... those are the pages.
    If anyone finds the one... please do let me know...

    And in that case, what do you guys usually do... who can shut down a website that is generating fake login screens and trying to steal people's passwords? Who should the end user contact?
    Of course I won't go to the nearby police center :P ...
