Should I bring all my shoes and glasses?

Search Engine Optimization Injection

General | 24 January 2009

Here's a really interesting quasi-cross-site-scripting/phishing attack that uses Google rankings to propagate malicious links.

http://garwarner.blogspot.com/2008/12/more-than-1-million-ways-to-infect-your.html

To summarize:

1)  An attacker finds legitimate (and hopefully popular) websites that are vulnerable to external site redirection via URL injection.

2) Using a script, this link is posted around the intarwebs so that it is picked up many, many times by Google's crawler bots. Since it piggybacks off the popularity of the host's domain name, its ranking gets vaulted to one of the top search results.

3)  User clicks on this link after performing a Google search and is redirected to the infected site.

4)  = Profit ??

One common web app I know of that is susceptible to URL redirection is Outlook Web Access when running on Exchange 2003. If you append a site to the end of the main login page URL, you will be redirected to that site once you log in (e.g. https://owa.good-site.com/exchweb/bin/auth/owalogon.asp?url=http://bad-site.com). Not sure how you would craft this into an earth-shattering attack unless people are actively searching for a company's Exchange server, but I'm just throwing it out there as an example.
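The root cause in the OWA case is a post-login redirect that trusts the `url=` parameter as-is. Below is an added example (my own code, not from the post or from Exchange) contrasting that naive behaviour with a check that only lets the user land back on the login page's own host; `TRUSTED_HOST` and `DEFAULT_TARGET` are assumed placeholders.

```python
"""Validating a post-login redirect target (added example, not from the post)."""
from urllib.parse import urlsplit, urlunsplit

TRUSTED_HOST = "owa.good-site.com"   # assumed: the host that serves the login page
DEFAULT_TARGET = "/exchweb/"         # assumed: landing page when a target is rejected


def naive_redirect_target(url):
    """Open redirect: sends the browser wherever the ``url`` parameter says."""
    return url or DEFAULT_TARGET


def safe_redirect_target(url, trusted_host=TRUSTED_HOST):
    """Return an absolute https URL on ``trusted_host`` built from ``url``,
    or DEFAULT_TARGET if ``url`` points anywhere else.

    Covers the usual ways an external target slips past a "starts with /"
    check: protocol-relative ``//host``, backslash variants ``/\\host``
    (browsers treat ``\\`` like ``/``), ``user@host`` tricks in the
    authority, and non-http(s) schemes such as ``javascript:``.
    """
    if not url:
        return DEFAULT_TARGET
    # Browsers normalise backslashes to slashes; do the same before parsing
    # so "/\\bad-site.com" is not mistaken for a relative path.
    parts = urlsplit(url.replace("\\", "/"))
    if parts.scheme and parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET                 # javascript:, data:, ...
    if parts.netloc and parts.hostname != trusted_host:
        return DEFAULT_TARGET                 # absolute or //host to elsewhere
    if not parts.netloc and not parts.path.startswith("/"):
        return DEFAULT_TARGET                 # bare relative path, reject
    # Rebuild the target ourselves so the result is unambiguous no matter
    # how the input was written (fragment is deliberately dropped).
    return urlunsplit(("https", trusted_host, parts.path or "/", parts.query, ""))
```

A defender can also grep the login page's access logs for `url=` values whose host differs from the site's own to see whether the redirect is being seeded into search engines.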

Comments

  • WiiBrew says:

    I have to say I concur with the majority of what is being said here. I am gonna have to snatch the feed so I can keep tabs on what
