Scan Those Links Before Visiting

In an era when simply clicking on a link sent to you via e-mail or instant message can spell speedy doom for Microsoft Windows users, it's nice to have yet another resource for checking the validity and security of Web links.

I spent a couple of days playing around with a free Web-based tool from Exploit Prevention Labs that lets users copy and paste a Web link to see whether it appears to try any malware mischief. Using this service should by no means be considered an "all-clear" sign to click on a link sent to you in an unsolicited e-mail or instant message, but rather an extra layer of security to help you make a decision about whether a given Web link may be malicious or not.

Exploit Prevention Labs's service checks the submitted link against a list of known bad Internet addresses. Absent any red flags at that point, the service pretends to be a vulnerable Web browser visiting the site. I didn't subject this service to a battery of tests, but merely tried fewer than a half dozen suspicious Internet addresses I was urged to visit in various unsolicited e-mail messages. LinkScanner identified two of them as potentially malicious, including one link I received via e-mail that I was fairly certain tried to exploit a known Microsoft Windows flaw and another that was apparently related to a software piracy site that tried a number of Web browser exploits.

Again, I am not touting LinkScanner as a "scan-it-and-if-okay-go-ahead-and-click" type service. But it does add another layer of assurance for Windows users already beset by a deluge of malicious Web links. There have been browser extensions and other tools made available that attempt this same task, but the nice thing about this service is that it is Web-based, so there is no need to install any software on your machine in order to use it.

By Brian Krebs  |  September 6, 2006; 11:08 AM ET
Categories:  Safety Tips  

Comments

You can get similar protection via a customized HOSTS file. Using a built-in component of Windows, HOSTS automatically filters all of your traffic for known hostiles, without requiring you to test each link.

www.mvps.org/winhelp2002/hosts.htm

Unlike LinkScanner, HOSTS does require a user to remember to download updated blocklists regularly. You need administrator rights to modify or replace the HOSTS file, so think of HOSTS as a monthly chore that should be done alongside the usual batch of Microsoft updates.

If you're really security conscious, use both HOSTS and the LinkScanner site. Two layers of defense are better than one.

Posted by: Ken L | September 6, 2006 12:04 PM
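
The known-bad-list lookup that both the post and the comment above describe, as an added example that is not part of the original post or any commenter's text: it parses HOSTS-format text and reports whether a link's hostname is listed. The sample entries, the `.test` hostnames and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in HOSTS format; the hostnames are placeholders,
# not entries from any real blocklist.
SAMPLE_HOSTS = """\
# sample blocklist
127.0.0.1   localhost
0.0.0.0     ads.example.test tracker.example.test   # two names on one line
127.0.0.1   Bad-Downloads.example.test
192.0.2.10  intranet.example.test   # a real mapping, not a block
"""

SINKS = {"0.0.0.0", "127.0.0.1", "::1"}   # addresses blocklists point names at
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return the set of hostnames that the HOSTS text redirects to a sink."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if addr not in SINKS:
            continue                            # ordinary mapping, not a block
        for name in names:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def check_link(url, blocked):
    """Classify a link as 'blocked', 'not listed' or 'unparseable'."""
    try:
        host = urlsplit(url).hostname           # ignores any user@ prefix
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"                    # e.g. no scheme, so no host
    return "blocked" if host.lower().rstrip(".") in blocked else "not listed"


if __name__ == "__main__":
    listed = parse_hosts(SAMPLE_HOSTS)
    for link in ("http://ads.example.test/banner.js",
                 "http://www.example.test@tracker.example.test/",
                 "http://cdn.ads.example.test/"):
        print(link, "->", check_link(link, listed))
```

HOSTS entries match exact hostnames only, which is why the `cdn.` subdomain in the sample run comes back as not listed.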

This is kind of a step backwards for security (and reporting).

Where's the API so I can build a Firefox plugin for it?

-david

Posted by: David Ulevitch | September 6, 2006 12:57 PM

Ken L: A HOSTS file does NOT afford the same protection offered by LinkScanner. LinkScanner DOES use a blacklist of potentially malicious sites, but that is only half of the protection. The other feature of LinkScanner is the ability to flag the site as attempting to exploit particular vulnerabilities.

Posted by: Matthew Murphy | September 6, 2006 2:17 PM

Exploit Prevention Labs also has a software product which compares the link against a blacklist, scans for known exploits, and performs some heuristics to determine if an exploit attempt is likely.

Posted by: Steve J. | September 6, 2006 6:44 PM

I was doing a search recently for waterbed mattress and Google returned a link for myrest.com. McAfee SiteAdvisor marked it with a Red X and their info states: "When we tested this site we found links to liveperson.com, which we found to be a distributor of downloads some people consider adware, spyware or other unwanted programs." However, the LinkScanner result states: "Congratulations! LinkScanner did not find any exploits at:
http://myrest.com" I guess nobody's perfect. Who are you to believe?

Posted by: Lynn B. | September 6, 2006 9:17 PM

Links to other sites are one thing, but presence of an actual exploit on the site you're scanning or an attempt at inserting it onto your machine is quite another. If you tried to test the bad link addresses, they'd probably be blacklisted (or would be very shortly!). That's where the resident software comes in handy.

Posted by: Steve | September 7, 2006 12:11 AM

I am using Dr.Web Plug-in.
This supports IE, Firefox and Opera.
Right-click on the link you want to check.
Select "Scan with Dr.Web" on context menu.
It's very useful.

http://www.freedrweb.com/browser/

Posted by: HIPPO | September 7, 2006 5:20 AM

I am currently using Firefox 2 beta 2 with its built-in anti-phishing - and of course with the ad block plugin - I am happy with these so far.

Posted by: paul | September 7, 2006 12:20 PM

I have not tried the Exploit Prevention Labs service. But, for some time, I made use of the McAfee SiteAdvisor, and I must tell it makes mistakes quite frequently. As for the Exploit Prevention Labs service, it does not offer automatic checking and this alone makes it unusable and unpractical in our dynamic real life.

Further, other well-tried and acknowledged technologies are available. Of course, these are pay services, but they are really efficient. Kaspersky Internet Security 6.0 among its many components has a Web Anti-Virus scanning the traffic on the fly. Please take a look at the test results:
http://www.virus.gr/english/fullxml/default.asp?id=82&mnu=82 un
http://www.av-comparatives.org/seiten/ergebnisse/KAV6_PDM_test.PDF

99.62% signatures and heuristics + 99% proactive protection + some other protection components! Do you still believe it would be better to perform multiple copy-paste operations in a service of unknown efficiency? By the way, if you want you can test each of your files at Virustotal.com or virusscan.jotti.org. In my opinion, Kaspersky Internet Security 6.0 is much more efficient than a whole batch of services like the Exploit Prevention, and Kaspersky does its job automatically.

Posted by: Valdis | September 7, 2006 5:01 PM

One could also not open spam, and not visit links in email. There is almost no good reason to click a link in email.

Posted by: anon | September 7, 2006 11:37 PM

Compete recently launched a new Firefox toolbar that automatically detects Google and Yahoo search results and scores the trust and popularity of each result.

The offering is analogous to SiteAdvisor; however, they offer additional site insight, such as how many people have visited the site and whether or not there are any promo codes available (should it be a retail site). http://home.compete.com

Posted by: jadeslade | September 12, 2006 9:28 AM

LinkScanner is just useless. I ran it against a list of sites that load the unbelievably dangerous Gromozon-related exploits from external sites through obfuscated javascript, just like the vast majority of these sites do. LinkScanner never detected anything. I strongly urge you not to trust the results that LinkScanner gives out.

Posted by: TNT | September 12, 2006 9:56 AM

The comments to this entry are closed.


© 2010 The Washington Post Company