By Scott Pinzon, Editor-in-Chief, WatchGuard LiveSecurity Service
[In 2005, LiveSecurity wants
to help network administrators raise the level of computer
security awareness among their users. We offer this article to any
admin whose users get themselves into trouble by going
"click-happy" all over the Web and in HTML e-mails. Please feel
free to forward this within your organization to non-technical
users who you feel would benefit from a more educated approach to
Web surfing. -- Scott]
You're shopping and sightseeing
in a posh retail district downtown. Excited by the unusual stores
and fascinating landmarks, you wander happily from one attraction
to another. Then you look around, and -- oops! Somehow you strayed
into a dangerous part of town. Dusk is falling, and the
nice-looking tourists have vanished. A group of toughs glowers at
you from the shadows. Concerned, you high-tail it back to the
"nice" part of town.
Using the World Wide Web can be like that,
too. This article explains how to recognize and avoid dangerous
Web "neighborhoods" that try to lure you in and harm your computer
or steal your personal information. The moral of the story is
simple: To surf safely, look before you click.
A Web of Threats
Today, over 800 million people use the Internet -- more than enough to attract thieves and scam
artists. You might have already experienced some obvious attempts
to trick you via e-mail (you haven't sent any money to some poor soul in Nigeria, have you?).
Users like you have caught on to classic e-mail scams;
thus, many attackers have switched to the Web to continue their
deceptions. Their Web attacks count on you clicking on a Web page
that the attacker designed maliciously. A clever attacker can set
up a site so that if you click on it even once, within seconds he can
take over your computer. Even worse, you don't have to seek out
his site deliberately: if you click a link that leads to his site,
he could feasibly "own" your computer. Beware!
How is that possible?
Whenever you visit a Web page, lots of invisible
activity can happen on your computer. For example, if the Web site
welcomes you with your own name, that's because last time you
visited, it put a special text file called a cookie on your
computer. If a stock ticker scrolls past or sports scores update
automatically, the site could be executing a script on your
computer. This stuff is normal. But the fact that your computer is
willing to receive and execute instructions from a Web site is
what hackers exploit.
Fortunately, clumsy attackers set traps that
you can see before stepping into them -- if you know what to look
for. To recognize when you're entering a tough Web "neighborhood,"
read this short explanation of URLs.
What Is a URL?
At its most basic level, a Uniform Resource Locator
(URL) is the stuff you type in your Web browser so you can visit a
site. A URL is the global address of a document, Web page, file,
or other resource on the World Wide Web. That's why, as you click
from page to page on a Web site, the URL changes.
Some URLs are short, like this:
http://www.google.com
Others are long, like this:
http://www.amazon.com/exec/obidos/tg/detail/-/B0006GK81E/qid=1104967686/sr=8-1/ref=pd_csp_1/002-1050943-0200854?v=glance&s=toys&n=507846
Whether they are short or long, URLs have
the same general structure. That's how hackers are able to exploit
them -- and also how you can sometimes see what an attacker is
trying to do, before you click.
Parts of a URL
URLs follow this general structure:
http://www.kunstlerandsons.com/instruments/trumpets/ClearBright.htm
The letters before the // show what protocol is being
used to request the desired Web resource. For example, next time
you buy something from a secure e-commerce site, watch and you'll
usually see the http become https, to signal that a special
security protocol is protecting your online transaction. If you're
in the middle of a purchase and the https becomes something else,
such as hcp://, someone might be up to something you don't want
them to do. So if in doubt, keep an eye on the protocol.
The next section (between the // and the
next /) is the name or address of a
Web server. A server is just a
computer that "serves up" information to other computers. Since
computers understand numbers as well as words, this next section
might be the address of the server, such as 206.123.10.240, or the
name of the server. This is another field to watch for
shenanigans.
For example, click the Kunstler and Sons
link above and see how the server name in the URL changes when you
arrive at the Web page. You're not really landing at the server
specified above. This technique is called a redirect.
Redirects can happen legitimately or illegitimately. Last year
some hackers attacked Citibank, which uses www.citibank.com.
When victims arrived at Citibank's site, they saw a pop-up window
that looked like part of Citibank's site, and even used the Citi
logo, but was really put there by hackers. When victims innocently
clicked in the pop-up box, they were redirected to a hacker Web
site that still looked
like Citibank's site, and requested the user's password and
account number. The only tell-tale clue that the site was not a
safe place to divulge your password was that after you clicked the
pop-up, the URLs said something else besides www.citibank.com.
That's an example of why, while you're Web surfing, you should
keep an eye on this field.
The rest of a URL describes a path to a
specific file on the server. Most Web resources are HyperText
Markup Language (HTML), so you'll encounter lots of URLs that end
with .htm or .html. Certain types of documents end in .pdf, .txt,
or any number of other endings. What you generally do not want to see
is .exe. That means the URL leads not to a document but to a
program that can run on your computer. Unless you are intentionally
trying to download a program (for example, a setup/install program)
from a trusted source, avoid URLs that contain .exe.
You should also become familiar with country codes in URLs. If the
server name ends with .de, that's a German site; if it ends in .ru,
that's a Russian site. If you normally bank with Bank of America and
suddenly their Web site seems to be filled with URLs whose server
names end in .ro, chances are somebody is fooling with you.
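As an added illustration, not part of the original article, here is a small Python script that applies the checks described above to a URL: it reports an unexpected protocol, a numeric server address, a country-code domain, a path ending in .exe, and a server name that differs from the one you expect (as the Citibank victims could have noticed). The sample URLs beyond the article's own are constructed for the example, and the function name inspect_url is my own.

```python
from urllib.parse import urlsplit
import ipaddress


def inspect_url(url, expected_host=None):
    """Return human-readable warnings for one URL (empty list = nothing odd)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []

    # 1. The letters before // should be http or https for ordinary browsing.
    if parts.scheme not in ("http", "https"):
        warnings.append(f"unexpected protocol '{parts.scheme}://'")

    # 2. A server given as a number rather than a name is worth a second look.
    try:
        ipaddress.ip_address(host)
        warnings.append(f"server is a bare IP address ({host})")
    except ValueError:
        pass  # an ordinary host name

    # 3. A two-letter last label is a country code (.de, .ru, .ro ...).
    last = host.rsplit(".", 1)[-1]
    if len(last) == 2 and last.isalpha():
        warnings.append(f"country-code domain .{last}")

    # 4. A path ending in .exe leads to a program, not a document.
    if parts.path.lower().endswith(".exe"):
        warnings.append("path ends in .exe (a program, not a page)")

    # 5. Did we end up on the server we expected? Subdomains of it are accepted.
    if expected_host:
        exp = expected_host.lower()
        if host != exp and not host.endswith("." + exp):
            warnings.append(f"server '{host}' is not '{exp}'")
    return warnings


# Constructed samples: the first two are the article's own URLs, the rest are made up
# for this example (the IP address is the one the article quotes).
SAMPLES = [
    ("http://www.google.com", None),
    ("http://www.kunstlerandsons.com/instruments/trumpets/ClearBright.htm", None),
    ("http://206.123.10.240/login.htm", None),
    ("hcp://www.bank.example/checkout", None),
    ("http://www.example.com/setup.exe", None),
    ("http://www.example.ro/citibank/login.htm", "citibank.com"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        print(url, "->", inspect_url(url, expected) or ["looks ordinary"])
```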
Fooling with All of a URL
Besides paying attention to parts of a URL, you
should also pay attention to the entire URL. When you click on a
URL in a document or on a Web page, that link does not have to go
where it says it goes. For example, this URL appears safe to the
eye:
http://www.microsoft.com
In reality, if you click it, you'll go to
the site of a known hacker collective. You can see this before you
click if you use Internet Explorer's Status Bar. In Internet
Explorer, click the View menu and enable Status Bar. Doing so
displays a gray bar at the bottom of Internet Explorer frames.
When your cursor hovers over a URL, the Status Bar will show where
the URL really leads. (You can try it with the link above; the
page it leads to looks menacing, but is safe.) To a computer, the
URL displayed on the Web page is merely a collection of letters
for humans to read; the computer follows the address in the link's
HTML tag, which is not usually visible to you. Sometimes hackers
exploit this fact, so leave your Status Bar enabled and look at
where a URL will lead you before you click on it.
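The Status Bar check described above, automated as an added example that is not from the original article: the script pulls every link out of a page and reports those whose visible text reads like one Web address while the underlying href leads to a different server. The HTML sample and the names LinkCollector, shown_host and misleading_links are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that looks like a Web address: optional scheme, dotted host, optional path.
URL_LIKE = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#]\S*)?", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in a document."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_host(text):
    """Server name a reader would take from the link text; None for plain wording."""
    m = URL_LIKE.fullmatch(text.strip())
    return m.group(1).lower() if m else None


def misleading_links(html):
    """Return (shown text, real href) for links whose text names a different server."""
    parser = LinkCollector()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        real = (urlsplit(href).hostname or "").lower()  # where the computer really goes
        shown = shown_host(text)
        if shown and real and shown != real:
            found.append((text, href))
    return found


# Constructed sample page; the second link mimics the article's microsoft.com example.
SAMPLE_HTML = """
<p><a href="http://www.google.com">http://www.google.com</a></p>
<p><a href="http://www.example.org/landing">http://www.microsoft.com</a></p>
<p><a href="http://www.example.com/page.htm">Read more</a></p>
"""
```

Running `misleading_links(SAMPLE_HTML)` flags only the second link; a link whose text is plain wording such as "Read more" cannot be judged this way and is left alone.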
Stand Up for Yourself
Not all Web-based attacks are visible to the
intended victim. Sophisticated hackers use tricks to hide what
they're doing (they can even fool the Status Bar). But such
sophisticated attacks are rare. Most Internet users pay no
attention to URLs, so the average attacker doesn't bother to hide
his URL stunts. Though you won't understand everything you see
happening in URLs, make a habit of keeping an eye on them.
As an adult, you've learned a host of minor
but useful self-defense behaviors. When you attend a crowded
public event, you don't leave your purse lying unattended. When
you visit an urban area, you don't wander around flashing your
cash. In an unfamiliar neighborhood, you don't loiter in the
shadows. These preemptive measures seem reasonable and simple,
right? Think of watching URLs as another minor self-defense
behavior that will become second-nature to you. When you spot
trouble, simply don't click on it -- and instantly, you're back in
a safe neighborhood. ##