Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Bob434

Let me step through each piece of your scenario:

If an email doesn’t have an attachment, it’s just a long string of text. Even with an attachment, an email is relatively benign, as any code in the email or the attachment doesn’t just spring to life upon delivery. It’s a payload or a brick of C4. It could be harmful in the right conditions, but its mere existence does not beget tragedy.

You click on a link in the email. The first question that I’d ask is, “Did you look at the URL? Do you know where it’s taking you?” You go on to say you did not and clicked. Here’s where things get muddy. Every web browser functions slightly differently from the next. Internet Explorer, for instance, is very permissive by default, so if there was embedded code in the form of JavaScript or Java, it likely executed, regardless of its purpose. Firefox and Chrome, on the other hand, will often gently tap the brakes or outright deny access to a site that’s been compromised if it was reported as such. Existence of a site in the Ukraine is not, by itself, a reason for concern. Remember, however, that a site’s name and its hosted location don’t have to be the same. It would take me less than 5 minutes to register a domain in the .ru or .tk top-level domains and point it back to an IP that resides in the US or the UK or anywhere else in the world.

Finally, modern exploits don’t use downloads anymore. Malicious code embedded in the website or even in advertisements can trigger behavior behind the scenes that opens up your computer to being exploited. By virtue of just going to a website or having an advertisement pop up on your screen, you could be compromised. The importance of ad-blocking software that works with your browser cannot be understated. Web companies will grouse that you’re taking away their revenue stream, but you’re protecting yourself. Too many incidents have been reported in the last few years of advertising networks selling ad space to malicious entities who then go on to infect thousands of systems, turning them into botnets. I suggest AdBlock Plus as well as NoScript to prevent the execution of scripts in your browser without your permission.

Bottom line, you might not have anything to worry about, but there’s a small chance that website embedded a cookie on your system or executed some code that could later be used to turn your computer into a botnet zombie. Online link scanning sites are just aggregators of bad endpoints. Check it again, wait a week, check it again, wait a month... if it keeps coming up as “clean,” then it’s likely nothing to worry about. In the interim, run scanning utilities on your system such as Malwarebytes, CCleaner, and provided you have it running, Windows Defender. Also check the Windows firewall and review all of the ports and programs permitted access to the open Internet. If anything looks out of place, disable or delete the rule. If something goes awry with your computer, you can always add the rule back later.


84 posted on 05/14/2017 5:07:55 AM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)


To: rarestia

[[“Did you look at the URL? Do you know where it’s taking you?”]]

Like a dummy nope- I didn’t- We get frequent emails from the fella- and he’s never forwarded stuff or sent attachments before- and we let our guard down on this one- I know- dumb-

We use firefox under linux- and yep- I’ve seen firefox stop stuff before- usually with a warning about unsigned certificates or something- I got none of that with this particular site though

[[Existence of a site in the Ukraine is not, by itself, a reason for concern.]]

That’s what I was wondering- I shouldn’t have posted the link in this thread- I’m new to all this crap really- never having had to deal with a site like that before- I did check it in link scanners- all the regular ones like Norton’s, Web of Trust, McAfee etc- and one that combines like 10 or so checkers- one came up as dangerous - I did include the warning not to click the site- but posted it thinking others might have gotten similar emails with that address- in hindsight I shoulda altered the link to include a space to render it unclickable- or just given the main addy name without the .com stuff- or something- -

My concern though was how do they, the link scanners, check the sites? Just by users submitting what they assume to be dangerous links? If so, then being a new fly by night site, it wouldn’t show up as dangerous

[[Remember, however, that a site’s name and its hosted location don’t have to be the same.]]

Yup- I’m learning that now- I tend this computer for the family- so I’m gonna have to learn what to look for better than I know now- Gah- at my age I’m gonna have to keep learning this stuff simply because some hackers haven’t got anything better to do than to make other people miserable

[[Finally, modern exploits don’t use downloads anymore.]]

That was my main concern- not knowing enough about this stuff- I have got a lot to learn- I ran into the drive by download junk years ago when it got real bad on the net- You’d look up something like ‘rice cakes’, or ‘Labrador retrievers’ or something innocent, see a link about dogs, or health food, click on it and immediately get redirected to another site and autodownload would ruin your day- seemed like it was happening a lot- then all of a sudden it seemed to nearly stop- I just assumed IE got a handle on it and ‘fixed the problem’ didn’t realize sites could then infect without downloading stuff-

[[By virtue of just going to a website or having an advertisement pop up on your screen, you could be compromised.]]

There was no advertisement- the page was blank except for the updating messages (you would have to refresh screen- which I did, thinking the site was stalled or something- )

[[The importance of ad-blocking software that works with your browser cannot be understated.]]

I do run adblock+ in firefox- wouldn’t use the Internet without it- I’m also I guess gonna have to look into stopping scripts and just allowing them on sites in an individual case by case situation- Sad that we have to do this- but I guess it’s what we have to do now- my family members are less tech than I am- and I’m not all that good at it myself- so I gotta do something I guess-

[[Online link scanning sites are just aggregators of bad endpoints. Check it again, wait a week, check it again, wait a month...]]

Good advice- I’ll keep running it- I think probably I’m alright being that I use linux- and the links showed ok- and no advertising was present- but my friend I know uses windows- most likely doesn’t have adblock- and I know he wouldn’t have sent anything like that himself- so he likely has had his email hacked-

I’m also looking into a linux install that runs things in a virtual environment- sounds like that might further isolate any incidents in a sandbox like environment-

When I ran windows- I had a program called rollbackRX- fantastic system restore program on steroids- it could restore computer during boot in case computer wouldn’t start- anytime I ran across anything suspicious on net, I would always do a rollback to before it happened- just to be sure- with linux though I don’t have that choice- worse comes to worse though I could restore from a clone backup I made not long ago- but I think I’m ok at this point- for the reasons listed above-

Thanks for taking the time to go over this- Helped ease my mind about it a bit- I’ll keep running the checks- and inform my friend that their email has been compromised- -


87 posted on 05/14/2017 9:19:06 AM PDT by Bob434
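The post above mentions altering a suspicious link so that nobody can click it by accident. As an added example (not part of the thread), here is one common way to "defang" URLs in a message before sharing it, with the reverse step for whoever later needs the original string. The function names and the sample message are constructed for illustration.

```python
import re

# Matches http/https URLs in free text: scheme, host[:port], then path/query.
URL_RE = re.compile(r"\b(https?)://([^\s/?#<>\"']+)([^\s<>\"']*)", re.IGNORECASE)

def _defang_match(m):
    scheme, host, rest = m.groups()
    scheme = scheme[0] + "xx" + scheme[3:]      # http -> hxxp, https -> hxxps
    host = host.replace(".", "[.]")             # stops auto-linking of the name
    rest = URL_RE.sub(_defang_match, rest)      # URLs nested in the query string
    return scheme + "[://]" + host + rest

def defang(text):
    """Rewrite every URL in text so forum software and mail clients won't linkify it."""
    return URL_RE.sub(_defang_match, text)

def refang(text):
    """Undo defang() for someone who needs the original string for analysis."""
    text = re.sub(r"(h)xx(ps?)", r"\1tt\2", text, flags=re.IGNORECASE)
    return text.replace("[://]", "://").replace("[.]", ".")

def has_live_link(text):
    """True if the text still contains a URL that software could make clickable."""
    return URL_RE.search(text) is not None

# Constructed sample message using reserved .test/.example names.
POST = ("Got this from a friend's account, do NOT visit: "
        "http://mail-update.test/verify?id=1&next=https://www.mybank.example/home")
```

Running `has_live_link()` on a draft before posting is a quick way to confirm nothing clickable slipped through.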



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson