The slip of a finger on the keyboard can result in miss-spelling something. That can be bad. Some malicious websites use the fact that typos are common and we can’t spell against us.
Typing an address directly into the address bar is a great way to ensure that you are headed to the correct site. As opposed to clicking a link that you think goes to the right place when in fact it is a rip off of the correct site. It might look the same, but look closer and you might notice some discreet differences to what you remember. Like a slightly different adress or wording of the site. This is called “phishing“. The new version of Firefox, Firefox 2 will have inbuilt protection from these sites. But there are also applications that will help as well.
The whole thing that lead to this post was that I was sending a colleague some links to sites that will help them become more secure, such as anti-spyware and such. I came around to recommending they install an extension called Site Advisor. I went to the site and I noticed that they have posted a video on YouTube that chronicles what can happen at the slip of a finger.
It all starts when a user types “goggle” instead of “google” directly into the address bar… It all goes downhill from there. But let it be a warning to all. If you type an address into the address bar, be careful! In addition to this install Site Advisor it will tell you if the site you are on is bad. The extension also indicates a web sites status in searches, so that you know before you click if something nasty lurks at the other end. I would also strongly recommend using Firefox. Although there is a version of the extension that works with Internet Explorer, found at the same site.
Another great tool is Link Scanner by Exploit Prevention Labs, it checks sites before you visit without finding out the hard way. Something that I do a bit as well is “hovering” over a link without clicking it. Doing this will show the actual link at the bottom left of the browser. I look and see if it is going where the text on the page says it is, or where I expect it to be going. Call me paranoid but I do it. Plus I have been on the ugly end of a zero day virus and it isn’t fun. Tends to make you a bit paranoid.
I always said I would not use video on my blog unless I thought that it was effective in either demonstrating what I was saying or was in some way exceptional this does and is. Scary stuff, glad it was not my PC. I would say “enjoy” but I felt decidedly ill. But cool to watch and see what happens, if happens to you just hose the system, there is no going back, not to the point where I would trust it anyway.
As described by the YouTube User that posted the Video:
“McAfee SiteAdvisor takes a videotaped spin through some dark alleys of the Web. The result? A computer crash worth rubbernecking.“
Disclaimer: Exploit Prevention Labs is a current sponsor of The Global Geek Podcast of which I am a host.
Rooster's Rail 