-
December 27th, 2005, 09:57 PM
#1
Weird/Fake Gmail Screen
Hi, Guys
donno if this goes in this section.
I am in a net cafe,Win XP,i checked my gmail and couple of google services
everything is good, but even i am logged in into my gmail account there is that page that keeps popping every 3 min after i close it,i can notice the address in the taskbar changing from www to welcome..but i can not notice the original address
so in short is there any recent Gmail vuln...how do we report this... how to find out/make sure if this is a fake log in screen or not? and trace the original address ?
(maybe i would learn a couple of things from this)
anyone having the same thing ?
this is the link that displays in the page :
[text]"https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fnotifier%2Ftest%3F%26TYPE%3Dhtml%26DOMAIN%3D%26ui%3Dhtml%26zy%3Dl"[text]
and this is the source code of the page attached below ?
anything else ?
10x guys in advance
-
December 28th, 2005, 08:07 AM
#2
Ok i took that File you attached and i opened it up in Notepad, i then saved the file with a .html extension.
I then went to the gmail login page
https://gmail.google.com, and i grab there source code, and i then loaded up the file that i converted into .html into the browser as well, it loaded up and the 2 pages looked identical.
So i grabbed the source code from the fake gmail.
Here is something that i noticed, well seemed a little odd to me, but i could just be being paranoid.
Code:
Fake Gmail Source Code
href="ForgotPasswd?continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fnotifier%2
Ftest%3F%26TYPE%3Dhtml%26DOMAIN%3D%26ui%3Dhtml%26zy%3Dl&service=mail"
Code:
Authentic Gmail Source Code
href="ForgotPasswd?continue=https%3A%2F%2Fmail.google.com%2Fmail%2
F%3Fui%3Dhtml%26zy%3Dl&service=mail"
Can you spot the difference..
-
December 28th, 2005, 08:28 PM
#3
I came back today at the same net cafe,same pc.. checked my gmail and waited couple of minutes nothing happened...
The guy there is using DeepFreeze2000xp
and when i came back the computer looked the same, there was no history in IE...
so i think it was something from a site i visited yesterday
but i did not visit something naughty, i visited couple of sites and blogs, tried to remember as many as possible and re-visit today...nothing happened...
so guess i will drop it, and change my password and info...
thank you for ur help .:front2back:.
and i will do some search about faked screen, how to trace them blablabla..
just have to make some time and will keep u updated guys if i found something intresting
-
December 28th, 2005, 09:17 PM
#4
heh deepfreeze rotf. my teacher tried that with me..didnt work to well. If our fortress pass was 2 numbers..yea not to much of an improvement.
"When in doubt, use Brute Force."
Never argue with an idiot. They'll drag you down to their level, then beat you with experience.
-
December 28th, 2005, 09:26 PM
#5
aha! got the bastards....
I am about to leave... spent about 1 hr of time on the pc...the pop screen came back
the websites i re-visited :
- gmail
- antionline (admit it guys.. is that u ? )
- www.google.com/adsense
- www.blogger.com
- hotmail
- astalavista.com
- puppy linux.org
- linuxgazette.com
- net2dial(got that from google add) and re-clicked on the inside links of send free sms some pop ups came (sms2sms.com) and sms2sms/shots.htm,sms2sms/pc-2-pc.htm-********usagreencard/adv.htm
a pop up window :
http://amch.questionmarket.com/adscg...&secs_up=36000
-http://jamalghosn.blogspot.com/2005/12/hi5-challenges.html and a link that led to
bravenet guest map :
http://pub42.bravenet.com/guestmap/s...om=0&welcome=1
-test window :S :S (a blank window just appears: address mercury.bravenet.com/network/jstarget.html
i visited some new pages :
f-secure.com/weblog and a link from there crackz.ws a pop up came from crackz.ws
so that is my browsing history...
chatted on msn with couple of highly trusted real life frnds, did not send/receive anything
So i think i have to do little filtering...have to use another computer to visit unique page at it
but net cafe is full :S and it is kinda late..
so i will re-test pages later...
but in the meanwhile... watchout guys.. those are the pages..
if anyone found the one.. plz do let me know...
and in that case what u usually do guys.. who can shut up a website that is generating fake log in screens and trying to steal ppls passwords ? who should the end-user contact ?
of course i won't go to the nearby police center :P ...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|