Hiding URLs from Outlook and other mail clients
Today, one of our staff began receiving emails containing URL's similar
to this:
http://drs.yahoo.com/www.example.com/NEWS/*http://slashdot.org/#http://d
rs.yahoo.com/www.example.com/NEWS
When the link is viewed in Outlook (and also Kontact/Kmail), it only
displays the portion before the asterisk:
http://drs.yahoo.com/www.example.com/NEWS/
However, when the link is clicked, drs.yahoo.com issues an HTTP 302 and
redirects the browser to the site after the asterisk.
The URL our user received in her email redirected her to:
http://www.security-warning.biz/personal6/maljo24/www.YAHOO.com/terra.ht
ml
This HTML page then redirects the browser (using javascript) to:
http://www.danni.com/free/modelsdir.html (NOT work safe - it's a soft
porn site).
The worrying part for us was that both Outlook 2000 _and_ Kmail (only
after enabling the HTML facility) only displayed the portion of the URL
before the asterisk, making it easy to trick users into clicking
malicious links. Is this 'bug' actually a 'feature', a 'standard' or
just a coincidence?
Carl.
DISCLAIMER
Any opinions expressed in this email are those of the individual and not
necessarily the Company. This email and any files transmitted with it,
including replies and forwarded copies (which may contain alterations)
subsequently transmitted from the Company are confidential and solely for the
use of the intended recipient. It may contain material protected by
attorney-client privilege. If you are not the intended recipient or the person
responsible for delivering to the intended recipient, be advised that you have
received this email in error and that any use is strictly prohibited.