Friday, February 17, 2012

How To Get Your Computer Infected - An Example


Just today I got an email that was guaranteed to lead to a damaged computer if I followed the link. I want to show a detail that way too few of my customers are aware of.
 
From the "name" of the sender, whom I have never heard of, to the contents of the text, everything just screams "SCAM, BEWARE, CAUTION". But who does not like the idea of getting $50,000 somehow? If you still have any hope that it might just be true, here is the final giveaway.

Look closely at the picture, a screenshot of the very small window of the email program. When I took the screenshot the cursor was on the link "File-For-Grants"; you can see the cursor arrow. In the status bar you can see the translation of "File-For-Grants": that is where your browser would really take you when you click on that link.


Reading it from left to right:
  1. Go to "transfer.go.com"
  2. Then go to "log.go.com"
  3. Then finally go to "http://ow.ly/976nw?u6i7"
The first two steps just disguise what is really going on. Likely every screen that flickers by really fast shows a few advertisements and thus makes money for the crook. In the end we end up at "http://ow.ly/976nw?u6i7".
 
Ow.ly is a legitimate service for shortening URLs. Shortened URLs are often used to avoid very long URLs - and they are also used to disguise the real target of the URL.

Expanding the short URL "http://ow.ly/976nw?u6i7" gets me finally to "http://www.stimulusgrantapproval.com/", a web site that WOT immediately flags as dangerous and unreliable.
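The left-to-right reading of the status-bar link can also be done mechanically. This is an added example, not part of the original post: it peels the nested redirect targets out of a link and reports the host you would finally land on. The exact link is only visible in the screenshot, so the sample URL below is constructed, and its "/r" paths and "goto"/"url" parameter names are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, quote

# Small illustrative list; ow.ly is the shortener named in the post.
SHORTENERS = {"ow.ly", "bit.ly", "t.co", "tinyurl.com", "goo.gl"}


def embedded_url(url):
    """Return the first http(s) URL carried in url's query string, or None."""
    # parse_qsl percent-decodes each value exactly once, i.e. one layer.
    for _, value in parse_qsl(urlsplit(url).query):
        if value.lower().startswith(("http://", "https://")):
            return value
    return None


def redirect_chain(url, max_hops=10):
    """Follow redirect targets nested inside the URL itself (no network)."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = embedded_url(chain[-1])
        if nxt is None:
            break
        chain.append(nxt)
    return chain


def report(url):
    """Summarise where a link really leads, reading it left to right."""
    hosts = [urlsplit(u).hostname for u in redirect_chain(url)]
    return {
        "hosts": hosts,
        "hidden_hops": len(hosts) - 1,
        "final_host": hosts[-1],
        "ends_at_shortener": hosts[-1] in SHORTENERS,
    }


def wrap(outer, param, inner):
    """Build a redirector link the way such links are usually nested."""
    return f"{outer}?{param}={quote(inner, safe='')}"


# Constructed sample: same three hosts as in the post, hypothetical paths
# and parameter names.
SAMPLE = wrap("http://transfer.go.com/r", "goto",
              wrap("http://log.go.com/r", "url", "http://ow.ly/976nw?u6i7"))

if __name__ == "__main__":
    print(SAMPLE)
    print(report(SAMPLE))
```

When the result ends at a shortener, as it does here, the real target is still hidden; expanding the short URL needs a lookup that this offline check does not perform.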

As much as we all would like $50,000, it sounds too good to be true - and you know what that is in reality.

Just a little bit of attention to the details can save us lots of headaches. But we have to pay attention to the details!

You don't see the status bar? Some incompetent dimwit must have turned it off; it does not "go away" by itself! In Thunderbird you turn it on in View, Toolbars, Status Bar.

Stay safe.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.  