Can huge be dangerous?

[polonus]

Hi malware fighters,

I stumbled upon this: http://hugeurl.com/
Has been started as a joke, but what happens if you huge-up a malicious URL?

Like your comments?

polonus

[scythe944]

Lol, that's ridiculous!

Of course, if I saw a link like that anywhere, I'd think it was malicious anyway, regardless if it was or not.

[polonus]

Hi scythe944,

As it is similar to obfuscation, there is another one here: http://www.reallyhugeurl.com/

Whoever thought of this never realized what the consequences could be if one gives in a malicious address.
Or am I the only one, because I have a malware fighting set of brains?
Can you test if avast webshield will flag malcoded addresses huged up that way.
Anyone,

polonus

[scythe944]

Well, find me a link to a bad website, and we'll make a hugeurl out of it and give it a shot.  All the computers that I use for work are just junk machines anyway, if anything happens I'll just blow it away and rebuild it.

No biggie.

As for your question,

Whoever thought of this never realized what the consequences could be if one gives in a malicious address.
Or am I the only one, because I have a malware fighting set of brains?

I think anyone that has used a computer for a while would think the same way, I know I do.

[Hermite15]

I admit that's funny ...adding : who clicks on those links?

[Hermite15]

Can you test if avast webshield will flag malcoded addresses huged up that way.
Anyone,

polonus

I just tried with Google.com, worked like a charm and the web shield didn't make any noise

[polonus]

Hi Logos,

What if they are inside a hidden iFrame link. What if you click on such an obfuscated URL as part of injected code.
Use your imagination, man. It is not going to appear as a link in your address bar or as a Google search query to give in (probably too large anyway), it is going to be abused by folks who could have it available "on the fly" because it won't appear suspicious because it was taken from a fun site. Such online services should be blocked by an av solution as being possible riskware. Well the use of it can be used to deliver malcode. Am I wrong?

pol

[Hermite15]

Use your imagination, man

hey thanks for the tip ... allow me to add that I thought about the hidden possibilities...I just didn't mention it

adding: there's a huge potential for malware, obviously...complete links appear in browsers' status bar when you hover your little mouse pointer over a link...so that's a warning already...if you looked

[DavidR]

Lol, that's ridiculous!

Of course, if I saw a link like that anywhere, I'd think it was malicious anyway, regardless if it was or not.

I just had a really huge URL and mega strings stretching over 4 lines of wrapped text, and it was legit but ordinarily I wouldn't touch it with a huge stick.

Guess who it was from paypal, notifying me of a change to the User Conditions, etc. for a company like paypal that warns of phishing, etc. this is a huge (I know) blunder as far as building trust goes. Not only that but the huge/mega URL also redirected (blocked by the firefox add-on RequestPolocy) to another domain, totally crazy when you are talking about what is a financial site with all the ensuing risk of phishing.

[polonus]

Hi DavidR,

But what webadmin of a hosting site allows for such an online anonymous service that could so easily be abused in various ways. What we saw as a risk at just a glance, they could not. Just folks operating on automatic, unbelievable!?! Totally irresponsable, because you learn young bloggers to obfuscate from the start, and as you said that is bad for the trust model, whereon security depends. I would like users to report these sites to WOT as possible dangerous,

polonus

[Hermite15]

hey guys, now that i think about it, I never pasted sunspider tests results in my posts because they seem to use URLS like that:
http://www2.webkit.org/perf/sunspider-0.9/sunspider.html

(the link you get after a test has completed is just huge; I think Technet (for forum posts) is also using URLS like that )

[polonus]

Hi Logos,

What if we make a combination of a Funkyfied url and then make it huge:
http://funkyfilters.com/url/obfuscation/
This is the technique behind it and there are various tools to do this all automatically:
http://www.searchlores.org/tools.htm
specifically
http://www.searchlores.org/sonjas33.

polonus

[Hermite15]

Hi Polonus,

where do you find all these things... is there some kind of parallel internet run by anti-malware knights and during one of your secret meetings they allow you once in a while to leak some info
 I'm just kidding, your contribution here on Avast forums is really appreciated

[polonus]

Hi Logos,

I can return that question, you also inspired me previous times big time. Well I remembered the lessons from the old reverse gurus like f.ravia, ORC+, woodman, and also you can do some packing and compressing javascript online (totally benign off course just for educational puposes) and then learn from some jsunpacking. It is like getting introduced in a line of thinking, you start to recognize the patterns, the malcode fragments starts standing out, you will know where to look. You are also developing in this direction. The common reason for it is to protect better,

polonus

[nmb]

Hello,

How about this one ? : http://www.hugeurl.com/?MTQ3NjUxYTZkN2U5ZjIyYTBjM2FjNWFmY2RhOTA1NDQmMTQmVm0wd2QyUXlVWGxWV0d4V1YwZDRXRmxVU205V01WbDNXa2M1VjFac2JETlhhMk0xWVd4S2MxZHFRbFZXYkhCUVZqQmFZV015U2tWVWJHaG9UVlZ3VlZadGNFZFpWMDE1VTJ0V1ZXSkhhRzlVVjNOM1pVWmFjVkZ0UmxSTmF6RTFWVEowVjFaWFNraGhSemxWVm0xb1JGWldXbUZrUjFaSFYyMTRVMkpIZHpGV2EyUXdZekpHYzFOdVVtaFNlbXhXVm1wT1QwMHhjRlpYYlVaclVqQTFSMXBGV2xOVWJGcFZWbXR3VjJKVVJYZFpWRVpyVTBaT2NscEhjRlJTVlhCWlZrWldZV1F4VGtkVmJGWlRZbFZhY1ZadGRHRk5SbFowWlVaT1ZXSlZXVEpWYkZKSFZqRmFSbUl6WkZkaGExcG9WakJhVDJOdFNrZFRiV3hUVFcxb1dsWXhaRFJpTWtsM1RVaG9XR0pIVWxsWmJGWmhZMnhXYzFWclpGaGlSM1F6VjJ0U1UxWnJNWEpqUld4aFUwaENTRlpxU2tabFZsWlpXa1p3VjFKV2NIbFdWRUpoVkRKT2MyTkZhR3BTYkVwVVZteG9RMWRzV25KWGJHUm9UVlpXTlZaWE5VOWhiRXAwVld4c1dtSkdXbWhaTVZwelkyeGtkRkp0ZUZkaVZrbzFWbXBKTVdFeFdYZE5WVlpUWVRGd1YxbHJXa3RTUmxweFVWaG9hMVpzV2pGV01uaGhZVWRGZUdOR2JGaGhNVnBvVmtSS1QyUkdUbkphUmxKcFZqTm9XVlpYY0U5aU1XUkhWMjVTVGxOSFVuTlZha0p6VGtaVmVXUkhkR2hXYXpWSFZqSjRVMWR0U2toaFJsSlhUVlp3V0ZreFdrdGpiVkpIVld4a2FWSnRPVE5XTW5oWFlqSkZlRmRZWkU1V1ZscFVXVlJHZDFkR2JISmFSemxxWWtad2VGVXlkR0ZpUmxwelYyeHdXR0V4Y0hKWlZXUkdaVWRPUjJKR2FHaE5WbkJ2Vm10U1MxUXlVa2RVYmtwaFVteEtjRlpxU205bGJHUllaVWM1YVUxWFVsaFdNV2h2VjBkS1dWVnJPVlppVkVVd1ZqQmFZVmRIVWtoa1JtUnBWbGhDU2xkV1ZtOVVNVnAwVW01S1ZHSlhhR0ZVVmxwM1lVWndSbHBGT1U5aVJYQjVWR3hhYTJGV1pFZFNhbHBYWVd0dmQxWlVSbFpsUm1SMVUyczFWMVpzY0ZWWFZsSkhaREZrUjJKSVRtaFNlbXhQVkZaYWQyVkdWblJOVldSV1RXdHdWMWxyVW1GWFIwVjRZMFJPV21FeVVrZGFWV1JQVWpKS1IyRkhhRTVXYmtKMlZtMTBVMU14VW5SV2EyUnFVbGQ0Vmxsc1pHOVdSbEpZVGxjNVYxWnNjRWhYVkU1dllWVXhjbUpFVWxkTlYyaDJWMVphUzFKc1RuUlBWbFpYWWtoQ1dWWkhlR0ZaVm1SR1RsWmFVRlp0YUZSVVZXaERUbFphU0dWSFJtcE5WMUl3VlRKMGIyRkdTbk5UYkdoVlZteHdNMVl3V25KbFJtUnlaRWR3YVZacmNFbFdiR1EwWVRKR1YxTnVVbEJXUlRWWVdWUkdkMkZHYkhGVGExcHNWbXR3ZVZkcldtOWhWMFkyVm01b1YxWkZTblpWVkVaelZqRldjMWRzYUdsaVZrcDZWMWQwWVdNd01IaFhXR3hzVTBkU2NGVnFRbmRTTVZsNVRsaGtWMkpHYnpKVmJYUnZWakZhUmxkcmVGZGhhM0JRVlRCa1IxSXlSa2hpUms1cFlUQndNbFp0TVRCVk1VMTRWVzVTVjJKSFVsVlpiWFIzWWpGV2NWUnRPVmRTYlhoNVZtMDFhMVl4V25OalJFSmhWbGROTVZaWGMzaFhSbFoxWTBaa1RsWXlhREpXTVZwaFV6RkplRlJ1VmxKaVJscFlWRlJHUzA1c1draGxSMFphVmpGS1IxUnNXbUZWUmxwMFZXNUNWMkpIYUVSVk1WcGhZMVpPY1ZWc1drNVdNVWwzVmxkNGIySXlSbk5UYTFwUFZqQmFhRlpxVGxOaFJteFdWMjVLYkZKdFVubGFSV1F3VlRKRmVsRnFXbGRpUjFFd1ZrUktSMVl4VW5KWGJGSm9UVEZLV1ZaR1l6RmlNV1JIV2taa1dHSkZjSE5WYlRGVFpXeHNWbGRzVG1oU1ZFWjZWVEkxYjFZeFdqWlJhbEpWWVRKU1NGVnFSbUZYVm5CSVlVWk9WMVpHV2xaV2JHTjRUa2ROZDAxSWFGaFhSM2hQVm14a1UxWXhVbGhrU0dSVFRWWktlbFpYZEd0V01ERkZVbXBHV2xaWGFFeFdha3BIWTJ4a2NtVkdaR2hoTTBKUlZsZHdTMU14U1hoalJXUmhVbFJXVDFWc2FFTlRNVnB4VTJwQ1ZrMVZiRFJXUm1oelZtMUZlVlZzVmxwaVdGSXpXV3BHVjJOV1VuUlBWbVJUWWxob05WWnRNREZoTVZsNFYyNU9hbE5IYUZkV2FrNXZZMnhhY2xaWWFGaFNiRm94V1RCYWExUnNXWGxoUkVwWFlXdHdObHBFU2xkV01WcDFVMnhDVjJKV1NuZFdha0poVXpGa1YxZHJhR3RTTUZwWVZGZHplRTVXVm5Sa1J6bFdVbXh3TUZaWE5VTldiVVp5VjJ0NFZrMXVhSEpXYWtaaFpFWktjMWRyTlZkaVdHTjRWbXhrTkdJeVRYaFhiazVZWVRGd1ZWbHJaRzlYUm14WVkzcEdhMkpIZUZkV01qRkhZV3hhY21OSWNGaGhNWEIyVm1wS1MyTnNUbkppUm1SWFlsWkZkMVl4V21GWGJWWkhWRzVLV0dKRk5WaFZiRnBXVGxFOVBRPT0=

nmb