Friday, January 25, 2013
Just narrowly avoided getting sucked into clicking on an evilware link.
No, I was not taking any foolish chances. This thing was embedded in a tweet from a personally known, real-life friend's real account, the icon of which is a clear picture of that person's real face. The message was not out of character. In fact, it was spot-on in character. I'm aware that a link to "a picture of you" is usually a red alert for a scam, but this was from an avid (and quite good, by the way) photographer with a penchant for taking silly candid shots and then teasing friends about them.
Out of habit, I checked the condensed URL with a website which expands shortened ones. It looked weird, and just as I was about to send a message to my friend asking about it, my friend announced that the account had been compromised.
Trojans have gone from the equivalent of a mass-mailout letter bomb, to a letter bomb in an envelope with a friend's printed return address label, to one with a friend's return address in that friend's handwriting, and a personal in-joke from your junior high school years in the letter.
Sometimes the appropriate response to living in a crazy world is madness, so go ahead and be paranoid. Check every link, no matter who it seems to be from. There are several tools that check the safety of URLs or give the full names of shortened ones. Below are a couple:
Sucuri SiteCheck (free website lookup, but with advertising of company products)
URL X-ray (free)