Bad news for AOL: ever since the service became free in August 2006, it’s been devolving into a phisher’s paradise. Now anyone with a broadband connection can download AOL’s free software and use AOL as a proxy server to redirect a website to any other website. If you think about this for a minute you can see the possibilities: for instance, creating a phishing site that looks exactly like neteller.com, then using AOL’s proxy to redirect the HTTP request through the Thailand Ministry of Education. Think it can’t be done? From chrisohara.org (edited for length):
I just received an email today stating that I needed to log into my neteller.com account to collect the money that I was sent via party poker…I don’t have a neteller account but the link in the email was quite interesting. It uses AOL’s redirect page to redirect to…220.127.116.11, which is in Thailand. It appears it belongs to the Ministry of Education. It appears that one of their computers has been compromised…I contacted AOL, firstname.lastname@example.org, and they have yet to respond.
Link to Email
Link the phishers used
Take a look at the email. Just wanted to make this information public.
I visited both the real site and the phisher’s. The phisher’s site looked just like Neteller’s. There aren’t enough differences to tip anyone off that they’re about to hand their money and identities off to these thieves.
The phisher’s site loaded for me in just under a minute the night Chris wrote about it, which is extremely slow for my connection. I figure that’s because I’m in Florida, while AOL’s servers are in Virginia, and The Ministry of Thailand is, well, in Thailand, which makes for a lot of redirects over long distances. I just checked the link again and it’s still redirecting to AOL (I get the Evil Eye symbol in my address bar) but then it freezes. It’s not that the page stops loading; it just never finishes loading. Luckily, I took screen shots that night to prove that what Chris says is true (12-15-07: unluckily, I don’t have them anymore).
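A mail filter can catch the pattern in Chris's report, a link on a well-known domain that forwards to a bare IP address, before anyone clicks it. The sketch below is an added example, not code from the original post or from AOL; it assumes the redirector carries its destination in a query parameter, and the hostnames, paths and IP address are constructed placeholders.

```python
import ipaddress
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample links (placeholder hosts and documentation-range IP).
SAMPLES = [
    "http://redirect.example.com/r?url=http%3A%2F%2F192.0.2.10%2Fsignin.html",
    "http://redirect.example.com/r?url=https://partner.example.net/offer",
    "https://www.example.com/account?ref=newsletter",
]

def is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def site(host):
    """Naive 'site' key: last two DNS labels (assumption; ignores co.uk-style suffixes)."""
    return ".".join(host.lower().split(".")[-2:])

def embedded_targets(url):
    """Yield absolute http(s) URLs carried in query parameters of `url`."""
    for _, value in parse_qsl(urlsplit(url).query):
        candidate = unquote(value).strip()  # second decode catches double-encoding
        if candidate.lower().startswith(("http://", "https://")):
            yield candidate

def classify_link(url):
    """Return (verdict, reason) for one link pulled from an e-mail body."""
    outer = urlsplit(url).hostname or ""
    if is_ip_literal(outer):
        return "suspicious", "link points straight at a bare IP address"
    for target in embedded_targets(url):
        inner = urlsplit(target).hostname or ""
        if is_ip_literal(inner):
            return "suspicious", f"{outer} forwards to bare IP {inner}"
        if inner and site(inner) != site(outer):
            return "review", f"{outer} forwards off-site to {inner}"
    return "ok", "no embedded off-site destination"

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_link(link), link)
```

The "review" verdict is deliberately softer than "suspicious": plenty of legitimate newsletters forward off-site, but almost none forward to a raw IP address.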
If AOL’s servers aren’t being compromised on a grand scale yet, they will be soon, as more phishers use their software to redirect sites through AOL’s free proxies. If you want AOL to do something besides blithely ignoring phishers using their servers to steal people’s money and identities, post a link to this article anywhere you think it might gain attention and spread the word. Until someone tells me differently, I have to assume everyone who writes about this huge vulnerability in their servers is being ignored, which is completely unjustifiable.
If AOL doesn’t find an answer to this problem soon it might be their own downfall. Websites will have no choice but to block their IPs en masse to prevent redirects. So many sites will become inaccessible with their software that AOL will have to abandon it altogether…not to mention what it could do to their reputation if that comes to pass.
…it looks like either AOL’s users are having their computers hijacked or AOL’s proxy servers are being used by Nigerians. At any rate, when I look at their accounts they’ve got an AOL email address, AOL brow[s]er and US IP address; it makes it hard to tell who is legitimate or not from AOL.
If someone from AOL is reading this, here is one of the IPs being used: 18.104.22.168. AOL has gotten real bad the last few weeks; I can only imagine how much grief they are causing MySpace.
Marcus has had responses from plenty of people, including me, who agree something “phishy” is definitely going on.
Nafziger’s Net has an excellent article about Marcus’ problem and how it relates to AOL’s proxy issues. One highlight from it:
So, what happens as AOL becomes a spam gateway? One of two things:
* they begin policing their free users. An expensive and challenging option.
* regular users of AOL have a harder time doing things online. They get asked for extra information when they make purchases (or have them outright rejected), get rejected when they apply for credit cards, etc. The users leave and spamming gets worse. AOL eventually shuts down their proxy servers.
If you think aol.com is clean of spam, think again. This has been bugging me for weeks, so I might as well post another screen shot. This guy, whoever he is, has been doing well in Google’s Blog Search (page 4 of SERPs) for the last two weeks and I can’t figure out why. Maybe he’s got a combination that sets their algorithms afire (tons of keywords and lots of outbound links). He doesn’t even have a blog; he just spams all kinds of online forums. He starts each of his well-ranked posts off with, “I’m not a spammer! Look at my SUPER white sites!” If you’re reading this, AOL, he’s a spammer, so look at his SUPER white sites only if you dare (NSFW).
Tell me again why AOL doesn’t suck?