GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Mouseover/URL spoofing triggers virus scanners

The Hun · 01-03-2004, 03:23 AM

Lately I've been getting a lot of reports about Trojan virusses, mostly stuff like URL.Spoof Exploits and such. I couldn't find anything on these machines though. I found what it was...

Somehow McAffee detects the following notation of a URL as a URL Spoof Exploit: http://www.sapphicerotica.comhahahah...0000&PA=445213 (if this somehow doesn't make sense, check the notation of the banners on http://www.xfreehosting.com/hardcore...0456/sss34.htm)

It's the '@' between the first part of the URL and the read URL. The first part is made to look like a full URL, but it's send as a password. Somehow McAffee things this is spyware. I'm going to adjust my bot not to accept this anymore since I'm getting a lot of reports. If you want to hide the 'real' URL it might be a better idea to use a mouseover or something...

Oh, and of course, happy new year! ;-)

01-03-2004, 03:23 AM
The Hun Confirmed User Join Date: Jan 2001 Location: The Netherlands Posts: 1,207	Mouseover/URL spoofing triggers virus scanners Lately I've been getting a lot of reports about Trojan virusses, mostly stuff like URL.Spoof Exploits and such. I couldn't find anything on these machines though. I found what it was... Somehow McAffee detects the following notation of a URL as a URL Spoof Exploit: http://www.sapphicerotica.comhahahah...0000&PA=445213 (if this somehow doesn't make sense, check the notation of the banners on http://www.xfreehosting.com/hardcore...0456/sss34.htm) It's the '@' between the first part of the URL and the read URL. The first part is made to look like a full URL, but it's send as a password. Somehow McAffee things this is spyware. I'm going to adjust my bot not to accept this anymore since I'm getting a lot of reports. If you want to hide the 'real' URL it might be a better idea to use a mouseover or something... Oh, and of course, happy new year! ;-)