Hi malware fighters,
I stumbled upon this: http://hugeurl.com/
Has been started as a joke, but what happens if you huge-up a malicious URL?
Like your comments?
polonus
Lol, that’s ridiculous!
Of course, if I saw a link like that anywhere, I’d think it was malicious anyway, regardless if it was or not.
Hi scythe944,
As it is similar to obfuscation, there is another one here: http://www.reallyhugeurl.com/
Whoever thought of this never realized what the consequences could be if one gives in a malicious address.
Or am I the only one, because I have a malware fighting set of brains?
Can you test if avast webshield will flag malcoded addresses huged up that way?
Anyone,
polonus
Well, find me a link to a bad website, and we’ll make a hugeurl out of it and give it a shot. All the computers that I use for work are just junk machines anyway, if anything happens I’ll just blow it away and rebuild it.
No biggie.
As for your question,
Whoever thought of this never realized what the consequences could be if one gives in a malicious address.
Or am I the only one, because I have a malware fighting set of brains?
I think anyone that has used a computer for a while would think the same way, I know I do.
I admit that’s funny ;D …adding : who clicks on those links?
I just tried with Google.com, worked like a charm and the web shield didn’t make any noise ;D
Hi Logos,
What if they are inside a hidden iFrame link. What if you click on such an obfuscated URL as part of injected code.
Use your imagination, man. It is not going to appear as a link in your address bar or as a Google search query to give in (probably too large anyway), it is going to be abused by folks who could have it available “on the fly” because it won’t appear suspicious because it was taken from a fun site. Such online services should be blocked by an av solution as being possible riskware. Well the use of it can be used to deliver malcode. Am I wrong?
pol
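The hidden-iframe scenario raised in the post above can be checked for on the defensive side. The following is an added example, not part of the original thread and not code from any poster or from avast: it triages a page's links and iframes for the two lengthener hosts named in the thread, for overlong URLs, and for iframes hidden from the user. The length threshold, the function names and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts of the two URL-lengthening services linked in this thread.
LENGTHENER_HOSTS = {"hugeurl.com", "reallyhugeurl.com"}
MAX_URL_LEN = 200  # assumed threshold; tune against your own traffic

def is_hidden(attrs):
    """True if the element is styled or sized so the user cannot see it."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")

class LinkTriage(HTMLParser):
    """Records (tag, host, reasons) for each suspicious <a> or <iframe>."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "iframe"):
            return
        attrs = dict(attrs)
        url = attrs.get("href" if tag == "a" else "src")
        if not url:
            return
        host = (urlsplit(url).hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        checks = [
            ("lengthener-service", host in LENGTHENER_HOSTS),
            ("overlong-url", len(url) > MAX_URL_LEN),
            ("hidden-iframe", tag == "iframe" and is_hidden(attrs)),
        ]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            self.findings.append((tag, host, reasons))

def triage(html):
    parser = LinkTriage()
    parser.feed(html)
    return parser.findings

# Constructed sample page; the URL paths and query strings are made up.
SAMPLE = (
    '<a href="http://hugeurl.com/?' + "a" * 300 + '">fun link</a>'
    '<iframe src="http://www.reallyhugeurl.com/x" width="0" height="0"></iframe>'
    '<iframe src="https://example.org/video" width="640" height="360"></iframe>'
)
```

A lengthener host or an overlong URL alone is a weak signal, as the legitimate long URLs mentioned later in the thread show; the combination with a hidden iframe is the one worth alerting on.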
Use your imagination, man
hey thanks for the tip : … allow me to add that I thought about the hidden possibilities…I just didn’t mention it :
adding: there’s a huge potential for malware, obviously…complete links appear in browsers’ status bar when you hover your little mouse pointer over a link…so that’s a warning already…if you looked ;D
I just had a really huge URL and mega strings stretching over 4 lines of wrapped text, and it was legit but ordinarily I wouldn’t touch it with a huge stick.
Guess who it was from: PayPal, notifying me of a change to the User Conditions, etc. For a company like PayPal that warns of phishing, etc., this is a huge (I know) blunder as far as building trust goes. Not only that, but the huge/mega URL also redirected (blocked by the Firefox add-on RequestPolicy) to another domain, totally crazy when you are talking about what is a financial site with all the ensuing risk of phishing.
Hi DavidR,
But what webadmin of a hosting site allows for such an online anonymous service that could so easily be abused in various ways? What we saw as a risk at just a glance, they could not. Just folks operating on automatic, unbelievable!?! Totally irresponsible, because you teach young bloggers to obfuscate from the start, and as you said that is bad for the trust model, whereon security depends. I would like users to report these sites to WOT as possibly dangerous,
polonus
hey guys, now that I think about it, I never pasted sunspider test results in my posts because they seem to use URLs like that:
http://www2.webkit.org/perf/sunspider-0.9/sunspider.html
(the link you get after a test has completed is just huge; I think Technet (for forum posts) is also using URLs like that)
Hi Logos,
What if we make a combination of a Funkyfied url and then make it huge:
http://funkyfilters.com/url/obfuscation/
This is the technique behind it and there are various tools to do this all automatically:
http://www.searchlores.org/tools.htm
specifically
http://www.searchlores.org/sonjas33.
polonus
Hi Polonus,
where do you find all these things… is there some kind of parallel internet run by anti-malware knights and during one of your secret meetings they allow you once in a while to leak some info ??? ;D
I’m just kidding, your contribution here on Avast forums is really appreciated
http://img.photobucket.com/albums/v294/exodusforever/Warhammer/TheDarkKnightsoftheEmpire.jpg
Hi Logos,
I can return that question, you also inspired me previous times big time. Well I remembered the lessons from the old reverse gurus like f.ravia, ORC+, woodman, and also you can do some packing and compressing javascript online (totally benign of course, just for educational purposes) and then learn from some jsunpacking. It is like getting introduced to a line of thinking, you start to recognize the patterns, the malcode fragments start standing out, you will know where to look. You are also developing in this direction. The common reason for it is to protect better,
polonus
Logos,
Polonus is a member of the Avast Knight Templar, a secret brotherhood, that is why he/she goes to all those secret meetings ;D
Polonus has contributed a lot here on Avast forums and I’ve learned good advice on security, anti-virus, malware, etc etc; all the information and websites he/she has given help us to keep a lookout for those nasty things.
oh I see 8)
oh nooo!!! don’t go to that one! it’s malicious!
lol. Just kidding. Just my broke-ass forum.
I updated the only post on the forum that is readable…
I explained it there: http://www.jacobytech.net/forum/index.php?topic=1.msg1#msg1