CNN redirect exploited by scammers


By now you know not to believe those emails promising overnight wealth with very little effort – right?  Seriously.

These spam campaigns apparently still attract enough clickers.  The subjects in a recent outbreak were typically bold and the emails featured short one-liners promising work-from-home riches.

The clever touch was providing a link that exploits redirect functionality supported by CNN’s ad servers.  The link is structured as follows:–XW

Clicking on the link sends a request to CNN which instructs the browser to send a second request to the redirect URL – in this case the shortened http:/—XW.  The host site would not be aware of the misuse – the spammer is simply abusing legitimate ad-serving functionality.

This technique provides several advantages to the spammer:

1) The URL from might give the impression that there was a genuine CNN-worthy story to be found.

2) The reputable site name would allay fears of anything malicious lurking at the end of the click.

3) Most URL filtering solutions would not block the initial request to (although reputable solutions would have been updated in real time about the follow-on link, which would be blocked).

In addition, the shortened URL further obfuscates the final destination, which turns out to be a “career digest” with “true” stories of people-just-like-you-who-worked-from-home-and-made-money.
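A filter can counter the third advantage by inspecting the link itself for an embedded second URL instead of judging only the outer host. The sketch below is an added example, not part of the original post; the hostnames, the `redirect` parameter name and the shortener list are constructed placeholders, not the structure of the link used in this campaign.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed, illustrative list; a real filter would use a maintained feed.
SHORTENERS = {"short.example", "tiny.example"}

# An absolute http(s) URL appearing inside another URL's path or query.
NESTED_URL = re.compile(r"https?://[^\s&\"'<>]+", re.IGNORECASE)

def _decode(text, rounds=3):
    """Percent-decode repeatedly: nested URLs are often double-encoded."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def nested_targets(link):
    """Hosts of URLs embedded in `link` that differ from the link's own host."""
    outer = urlsplit(link)
    outer_host = outer.hostname or ""
    tail = _decode(outer.path + "?" + outer.query + "#" + outer.fragment)
    hosts = []
    for match in NESTED_URL.findall(tail):
        host = urlsplit(match).hostname or ""
        if host and host != outer_host and host not in hosts:
            hosts.append(host)
    return hosts

def classify(link):
    """Label a link by where its embedded redirect target, if any, points."""
    hosts = nested_targets(link)
    if not hosts:
        return "no-embedded-redirect"
    if any(h in SHORTENERS for h in hosts):
        return "redirect-to-shortener"
    return "redirect-to-other-host"

if __name__ == "__main__":
    # Constructed sample links, not taken from the campaign.
    samples = [
        "http://ads.news.example/click?campaign=42&redirect=http%3A%2F%2Fshort.example%2Fa1b2",
        "http://ads.news.example/click?redirect=http%253A%252F%252Flanding.example%252Foffer",
        "http://news.example/go?next=http://news.example/story",
        "http://news.example/story/123",
    ]
    for s in samples:
        print(classify(s), s)
```

A link labelled `redirect-to-shortener` or `redirect-to-other-host` can then be scored on the embedded host, or resolved in a sandbox, instead of inheriting the reputation of the outer domain.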

Clicking on any of the 24 links leads you to a site offering an “Auction Listing Agent” course.  Do a brief search for “Auction Listing Agent” and you will discover, not surprisingly, that this is a recognized scam.  A good summary of the scam and unfortunate stories of victims appears here.

