Wednesday, April 29, 2009

The spam that almost got me...

Check out this email I got today at work:

[Image: 090429-HallmarkEcard.png]


I'm pretty cautious, but I just about clicked on the "To see it, click here" link.

It's a good thing I didn't: that link points to a .exe file located on a server named "mail.formens.ro". For those really not into computers, that link points to a Windows "executable", i.e. a program that very likely will do bad things to my computer. Clicking on it could have downloaded and run it (maybe with a dialog box asking me about it; I didn't want to press my luck trying it).

I think what kept me from it was seeing that "received" is misspelled. Misspellings are common in phishing and other spam emails.

The other thing is the link itself. I don't trust *any* emails I get, including the links in them -- especially HTML ones. Again, for the uninitiated, there are really two main types of emails you can receive -- plain text, and HTML formatted. HTML allows formatted text: underlined, bold, multi-colored, and so on. With plain text, it's just letters and numbers. Links in plain text emails look like this: http://www.amazon.com. In HTML emails, you can make links with pretty much any text, like this. Even worse, if I were malicious, I could make a link that looks like a link to CNN, but takes you to Amazon's webpage: http://www.cnn.com. In this case, the bad guys put a link to a trojan horse (I presume), masked as "here".

So how can you tell? Most email clients (Entourage, Outlook Express, hopefully others) will show you the real URL (address) of a link down in the status bar at the bottom of the window when you hover over it with your mouse.* In this case, I did that and immediately saw that the link wasn't at hallmark.com, but at that "mail.formens.ro" site.

If you're not totally sure where the link goes, try to copy the link and paste it into a text editor (TextEdit on the Mac, Notepad on the PC), then if it looks okay, you can copy/paste it into your browser's address bar. That's much safer.

Lastly -- was I worried? A little; I still don't have a replacement Mac at work so I was using a Windows PC. Do .exe files affect Macs? Nope. =) Macs can't natively run those types of files**, so they're not really dangerous.

* Sadly, that does *not* always work with your browser -- malicious websites can fake the text shown in the link on the status bar. Google's search results pages even do little tricks with that text, showing you the bare link you're going to, but really linking to another Google URL that keeps track of which result you clicked before actually taking you there.

** ... unless you have VMware or Parallels installed and run it through there.
