Hello everyone,
I have made this thread to let you know that you should always check your links before clicking them... Some people will already know this, however some people don't and doing this will potentially keep you safer online. Keep reading to find out why this is important.
I am sure if you browse the internet you click links. Correct? When you use a Search Engine and select a search result (and become redirected to the website corrosponding to the search result), when you receive an email from someone and if it contains a link a lot of people aimlessly click it to find out what it is, when you visit forums online and find links you may click them,... But make sure you check them! If you do not check the links before clicking them, you may find yourself in some trouble.
If you do not check your links and you end up visiting a malicious URL accidentally without intentional purposes, you may experience something called a "Drive-by-Download" attack. A "Drive-by-Download" attack is the process of where you (as a user) can have your system become infected just by visiting a website. Some of you here may not believe this, but it's the solid truth. You as a user may not have to interact with anything except the process of clicking on that link and allowing the webpage to load. In some cases, it can be as simple as that.
Now some of you may be thinking, "Wait a minute - downloading malware and running it are 2 different things. How am I going to become infected through a webpage which had malicious code to download malware to my system without me being aware?". The answer to your question (if you were thinking it) is that some malware writers are extremely clever and can allow the downloaded malicious software to be executed on your system without you even being aware that not only it was downloaded but started to execute.
Another website you regularly visit may one day become compromised by a hacker which makes this attack take place, also.
For example, those of you on the forums who are active in the Virus Exchange on this forum and regularly scan links (and visit them) and download malware samples to test Antivirus products without doing all of this on your Virtual Machine - you may not have experienced an Drive-by-Download attack however it's possible.
Of course with a good Antivirus product then you may be protected, of course no product can protect you fully from every threat out there, especially with all the unpatched vulnerabilities being used by malware writers all the time.
If you use a IM/Chat program and your friend sends you some links, how do you know his system wasn't infected and those links were automatically sent by a Trojan to you without his knowledge? If you are suspicous of a link sent from someone you trust, manually ask them if they sent it to you with a different connection from the same program/service used to receive them (since he could have been backdoored). And if you've ever been in this situation and fell for it, you could be another victim of the hacker after infected the person who sent you the links.
Without that being said, don't leave it down to Search Engines to protect you from malicious URLs. Truth be told, they may not actually be good at this and may be filled with malicious URLs (or at least "unwanted URLs" at the minimum).
Now it's time for me to let you know of a second little trick that people with bad intentions on the web may perform out for the inexperienced users to fall for:
If we go to Google and we search "MalwareTips", this is what we get:
As you can see with the above screenshot, I have put a red rectangle around the URL "malwaretips.com". The green URL means that when the search item is clicked by the user, we will be taken the the URL shown in the green above the website description.
However, what if there was a trick or a way around the user from instantly seeing the URL without checking? Sadly there "technically" is. Let me show you.
What you do is, you write out some text and then you link it like so: Click here to be taken to the MalwareTips homepage.
As you can see, the text has/may have changed colour to represent that it's a link. When you click this link, you will be taken to the MalwareTips homepage. But what if the link said: "Click here to download CCleaner" and the link was not on the official Piriform website and did not take you to download the legitimate version of CCleaner? Well, this activity may occur and be used in some cases. When you click that link above regarding CCleaner, it has been made to simply take you to the MalwareTips homepage.
Now you may be thinking: "Well how can I trust any link like this?". Answer is you can't unless you know where the link is going to go and trust the website source it's going to take you do. To see where the links above will take you, you have to hover over them. Traditionally, on most well known browsers (Internet Explorer, Google Chrome, Firefox, Opera are all included), when you hover over a clickable link it will let you know where the Hypertext Reference (href) of the text will take you.
As you can see above, hovering over the link will allow you to see (usually at the bottom left) the URL it will take you too.
You can also actually check the HTML page source in most cases if it's hardcoded in.
Should you encounter a shortened URL (for example, the following URL will take you to the MalwareTips homepage: http://goo.gl/dWQBjP), you can check where it will go before clicking on it (because hovering on it will not work).
To do this, you can try using a service like: LongURL (here is an example where I have used text linked to another website).
If you use a browser whilst sandboxed (for example if you use a sandbox like Sandboxie and search online with the browser sandboxed) this will help protect you in some cases although remember in the cases of infection, data theft can still occur in the Sandbox so if you are aware of a infection present in a sandbox, clear the sandbox out!
Using a Virtual Machine is also a good idea in some cases to help protect you. For example, if you ran malware in a VM unless it's an exploit to escape the VM (which is actually extremely rare thing to happen, especially if you are using well known and popular VM software like VMWare) then you should be protected then too from your main system becoming infected. Although, most people prefer to use their main sytsems as opposed to a VM, which is understandable.
As an addition to my post above, you may also like to scan links over at: https://www.virustotal.com/ - Bear in mind that one detection does not automatically make a website malicious since it can always be a False Positive detection.
Watch what websites you visit, watch what you download and you will be safer from experiencing a malware infection regardless of if you have an Antivirus product running.
Hopefully this thread was informative to some people.
Cheers.
I have made this thread to let you know that you should always check your links before clicking them... Some people will already know this, however some people don't and doing this will potentially keep you safer online. Keep reading to find out why this is important.
I am sure if you browse the internet you click links. Correct? When you use a Search Engine and select a search result (and become redirected to the website corrosponding to the search result), when you receive an email from someone and if it contains a link a lot of people aimlessly click it to find out what it is, when you visit forums online and find links you may click them,... But make sure you check them! If you do not check the links before clicking them, you may find yourself in some trouble.
If you do not check your links and you end up visiting a malicious URL accidentally without intentional purposes, you may experience something called a "Drive-by-Download" attack. A "Drive-by-Download" attack is the process of where you (as a user) can have your system become infected just by visiting a website. Some of you here may not believe this, but it's the solid truth. You as a user may not have to interact with anything except the process of clicking on that link and allowing the webpage to load. In some cases, it can be as simple as that.
Now some of you may be thinking, "Wait a minute - downloading malware and running it are 2 different things. How am I going to become infected through a webpage which had malicious code to download malware to my system without me being aware?". The answer to your question (if you were thinking it) is that some malware writers are extremely clever and can allow the downloaded malicious software to be executed on your system without you even being aware that not only it was downloaded but started to execute.
Another website you regularly visit may one day become compromised by a hacker which makes this attack take place, also.
For example, those of you on the forums who are active in the Virus Exchange on this forum and regularly scan links (and visit them) and download malware samples to test Antivirus products without doing all of this on your Virtual Machine - you may not have experienced an Drive-by-Download attack however it's possible.
Of course with a good Antivirus product then you may be protected, of course no product can protect you fully from every threat out there, especially with all the unpatched vulnerabilities being used by malware writers all the time.
If you use a IM/Chat program and your friend sends you some links, how do you know his system wasn't infected and those links were automatically sent by a Trojan to you without his knowledge? If you are suspicous of a link sent from someone you trust, manually ask them if they sent it to you with a different connection from the same program/service used to receive them (since he could have been backdoored). And if you've ever been in this situation and fell for it, you could be another victim of the hacker after infected the person who sent you the links.
Without that being said, don't leave it down to Search Engines to protect you from malicious URLs. Truth be told, they may not actually be good at this and may be filled with malicious URLs (or at least "unwanted URLs" at the minimum).
Now it's time for me to let you know of a second little trick that people with bad intentions on the web may perform out for the inexperienced users to fall for:
If we go to Google and we search "MalwareTips", this is what we get:
As you can see with the above screenshot, I have put a red rectangle around the URL "malwaretips.com". The green URL means that when the search item is clicked by the user, we will be taken the the URL shown in the green above the website description.
However, what if there was a trick or a way around the user from instantly seeing the URL without checking? Sadly there "technically" is. Let me show you.
What you do is, you write out some text and then you link it like so: Click here to be taken to the MalwareTips homepage.
As you can see, the text has/may have changed colour to represent that it's a link. When you click this link, you will be taken to the MalwareTips homepage. But what if the link said: "Click here to download CCleaner" and the link was not on the official Piriform website and did not take you to download the legitimate version of CCleaner? Well, this activity may occur and be used in some cases. When you click that link above regarding CCleaner, it has been made to simply take you to the MalwareTips homepage.
Now you may be thinking: "Well how can I trust any link like this?". Answer is you can't unless you know where the link is going to go and trust the website source it's going to take you do. To see where the links above will take you, you have to hover over them. Traditionally, on most well known browsers (Internet Explorer, Google Chrome, Firefox, Opera are all included), when you hover over a clickable link it will let you know where the Hypertext Reference (href) of the text will take you.
As you can see above, hovering over the link will allow you to see (usually at the bottom left) the URL it will take you too.
You can also actually check the HTML page source in most cases if it's hardcoded in.
Should you encounter a shortened URL (for example, the following URL will take you to the MalwareTips homepage: http://goo.gl/dWQBjP), you can check where it will go before clicking on it (because hovering on it will not work).
To do this, you can try using a service like: LongURL (here is an example where I have used text linked to another website).
If you use a browser whilst sandboxed (for example if you use a sandbox like Sandboxie and search online with the browser sandboxed) this will help protect you in some cases although remember in the cases of infection, data theft can still occur in the Sandbox so if you are aware of a infection present in a sandbox, clear the sandbox out!
Using a Virtual Machine is also a good idea in some cases to help protect you. For example, if you ran malware in a VM unless it's an exploit to escape the VM (which is actually extremely rare thing to happen, especially if you are using well known and popular VM software like VMWare) then you should be protected then too from your main system becoming infected. Although, most people prefer to use their main sytsems as opposed to a VM, which is understandable.
As an addition to my post above, you may also like to scan links over at: https://www.virustotal.com/ - Bear in mind that one detection does not automatically make a website malicious since it can always be a False Positive detection.
Watch what websites you visit, watch what you download and you will be safer from experiencing a malware infection regardless of if you have an Antivirus product running.
Hopefully this thread was informative to some people.
Cheers.
Last edited by a moderator:
