There are a lot of online storage services around the net, private or public. With this kind of service it’s pretty easy to save and share personal data. These services are heavily used, especially the ones that let you share files. They offer a free tier (often with some kind of MB limit) and a paid tier (no limit). I never tried uploading a file but I sometimes download files using Rapidshare, the most popular I think.
Like every paid service, it’s prone to phishing and fraud. I stumbled on a phishing site just today when I wanted to download an archive. Normally you click on a link and the initial Rapidshare page appears. Not this time.
The Rapidshare link was obscured using ProtectLinks. The address of the archive appears like: “http://protect-links.com/_a_number”. They simply assign a number to a specific web page and display the content of that web page in this way:
It’s an empty page with an iframe definition at the end. The iframe tag is used to create an inline frame that contains another document. You can set one or more attributes (frameborder, height, name, width and src); I’m interested in the src attribute only. src defines the URL of the document to show inside the iframe. From what I have seen, that’s how protect-links protects a web page.
This is only one of the services available around the net. In general, I don’t know why people need to protect a page with this kind of service, by the way.
Anyway, how to protect a rapidshare link? A classic rapidshare link looks like:
http://rapidshare.com/files/_a_number_/_filename_
A protected link declared inside the src attribute looks like:
src="http://_server_name_path/?link=_original_url_"
_original_url_ is the parameter passed to the PHP page and it represents the original Rapidshare link.
Trying to download the file I got this page:
The image above shows an error message that is generally displayed when you don’t have a premium cookie saved on your system. This is not the usual page I see when I want to download a file. Normally, the original page contains two boxes and lets you choose between the free and the premium service. Hitting the premium button without a premium cookie, you get this kind of error message.
The page is well made and the design is like the original one, but it’s a fake page. Inspecting some menu items, you’ll see that they don’t share the same initial part of the URL: they point to two different servers.
Anyway, if you are a registered premium user and you see the error message, you simply use your account to log in… and that’s the problem: when you hit the login button you won’t see anything other than a white page. The result is obvious: your data is now the property of someone else.
Can you understand why some people need to protect the link? Well, when a link has been protected you can’t see the original url… and you don’t know where you are sending your login details. This is an unfair use of the protector service for sure.
What to do to protect ourselves from this kind of fraud?
There’s a security advisory at rapidshare.com; part of the text reads: “Generally you should never enter your login information on any websites other than rapidshare.com. Your account information would most likely be stolen.” That’s a good hint to follow!
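One way to apply that advice before typing a password, as an added example that is not part of the original post: parse the link-protector page, pull out the iframe src, and compare the host that actually serves the framed page with the host named in the link parameter. The sample HTML, the host files.example.net and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

TRUSTED = "rapidshare.com"  # the only site the advisory says should receive the login
# Constructed samples: a protector page and two menu links from a look-alike page.
WRAPPER = ('<html><body><iframe frameborder="0" width="100%" height="100%" '
           'src="http://files.example.net/dl/?link=http://rapidshare.com/files/123456/archive.rar">'
           '</iframe></body></html>')
FAKE_PAGE = ('<a href="http://rapidshare.com/faq.html">FAQ</a>'
             '<a href="http://files.example.net/dl/premium.php">Premium Zone</a>')


class Collector(HTMLParser):
    """Collect iframe src values and anchor hrefs."""
    def __init__(self):
        super().__init__()
        self.frames, self.links = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])


def is_trusted(url):
    """True only for rapidshare.com itself or a real subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return host == TRUSTED or host.endswith("." + TRUSTED)


def inspect_wrapper(html):
    """One finding per iframe: who serves the frame vs. what link it claims to wrap."""
    p = Collector()
    p.feed(html)
    return [{
        "frame_host": urlsplit(src).hostname,
        "wrapped_link": parse_qs(urlsplit(src).query).get("link", [None])[0],
        # A login form inside this frame posts to frame_host, not to the wrapped link.
        "suspicious": not is_trusted(src),
    } for src in p.frames]


def link_hosts(html):
    """Distinct hosts behind a page's links; the fake page mixed two servers."""
    p = Collector()
    p.feed(html)
    return {urlsplit(h).hostname for h in p.links if urlsplit(h).hostname}
```
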


July 9, 2008 at 4:06 am
Nice work, I was surprised.
I have premium, I know reverse engineering and know the work exposed here. If you want to write something to publish in Rapidshare support, it is welcome in my topic blog.
i was to write some in my blog now
see ya
Apuromafo CLS, I found you thanks to the
solution of HMX0101 on crackmes.de
nice work
have too others bugs as cookie poison or similar for little time (the valid cookie is sent to some server on rapidshare) but the cookie as hotmail can see the files on the account that xplote some work..
July 9, 2008 at 4:25 am
If you have 2 browsers you can bypass the phishing place:
1 browser takes the true link (a browser without cookies) and in the other, Firefox or a normal one with cookies, the original link that was taken can be used.