Humans make mistakes or where typos can take you
Thursday, November 10, 2016
An Internet website address is somewhat similar to an address on a street map. A user can find the “building” they’re looking for, but what will happen if they’ve got the wrong address? Just like in real life, a wrong address can lead you to the wrong place or even get you in trouble.
Let's say a friend has asked you to recommend an anti-virus. You remember the name of the application, but you can't commit all website addresses to memory. You open your browser and try to remember the top-level domain in Doctor Web's site address. Is it drweb.info? Yes, it seems so.
It looks like something went wrong: it turns out that this domain name is for sale for $595. So what’s the danger?
In December 2014, a renowned torrent portal called Pirate Bay disappeared from the Internet. While worried users were exchanging rumours about the Swedish police seizing the site's hardware, criminals sprang into action.
Sites with a similar address but a different top-level domain, such as thepiratebay.cr, appeared every day, and tons of people rushed onto those sites like moths to a flame. However, when downloading the latest series of their favourite TV programme, they often received an executable file or were prompted to enter their bank card information to continue the download.
In October 2015, a similar thing happened to another torrent portal. And even though kat.cr remained operational at that time, it was removed from Google's search results.
Instead, links at the top of the search results directed users to “unofficial” versions of the portal. Some were merely mirror versions, while others were fraudulent sites.
There are many ways to register a domain name that looks like one belonging to a popular brand, even without resorting to other available top-level domains. Add or remove a character that looks similar to the one before it, or replace a character with one located next to it on the keyboard, and count on users not noticing the difference, e.g., drwep.com, drwev.com. You can also add a relevant word to the address, e.g., drwebav.com, drwebantivirus.com. These are existing domain names that resemble Doctor Web's site address:
Let's assume that a criminal purchases an address that resembles a popular domain name, mimics the site's design, and publishes malicious or fraudulent content on that site. If, while entering an address, a Dr.Web user makes an error and then tries to open the link, they will see a warning.
But if your system lacks an anti-virus that can block access to non-recommended sites, you can run into a serious problem… Browser vulnerabilities, which emerge periodically, enable attackers to covertly download malware onto your machine.

#URL #typos #non-recommended_sites #SpIDer_Gate
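One way a defender could sort domains seen in proxy or DNS logs by the lookalike techniques described above (an added example, not Doctor Web's code). It assumes drweb.com is the protected address and plain `name.tld` input, and uses a simplified QWERTY adjacency map; the function names and the sample list are constructed for illustration.

```python
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # QWERTY letter rows

def neighbours(ch):
    """Keys physically next to ch on a QWERTY keyboard (simplified map)."""
    for r, row in enumerate(ROWS):
        c = row.find(ch)
        if c >= 0:
            near = {(r, c - 1), (r, c + 1), (r - 1, c), (r - 1, c + 1),
                    (r + 1, c - 1), (r + 1, c)}
            return {ROWS[y][x] for y, x in near
                    if 0 <= y < len(ROWS) and 0 <= x < len(ROWS[y])}
    return set()

def drop_one(longer, shorter):
    """True if deleting one character from longer gives shorter."""
    return any(longer[:i] + longer[i + 1:] == shorter
               for i in range(len(longer)))

def classify(candidate, brand="drweb.com"):
    """Return the lookalike technique, or None if unrelated or the brand itself."""
    name, _, tld = candidate.lower().partition(".")
    bname, _, btld = brand.lower().partition(".")
    if name == bname:
        return None if tld == btld else "tld-swap"
    if len(name) == len(bname):
        diff = [(a, b) for a, b in zip(name, bname) if a != b]
        if len(diff) == 1:
            typed, meant = diff[0]
            return ("adjacent-key" if typed in neighbours(meant)
                    else "char-substitution")
    if len(name) == len(bname) + 1 and drop_one(name, bname):
        return "char-added"
    if len(name) + 1 == len(bname) and drop_one(bname, name):
        return "char-removed"
    if bname in name:
        return "added-word"
    return None

# Constructed sample: domains as they might appear in a proxy or DNS log.
OBSERVED = ["drweb.com", "drweb.info", "drwep.com", "drwev.com",
            "drwebav.com", "drwebantivirus.com", "drwb.com", "example.org"]

def flag(domains, brand="drweb.com"):
    # Keep only the domains that resemble the brand, with the technique used.
    return {d: t for d in domains if (t := classify(d, brand))}

if __name__ == "__main__":
    print(flag(OBSERVED))
```
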
The Anti-virus Times recommends
- If, in order to access information on a site, you are prompted to download a file, never do it. There is no technical reason why a browser wouldn't be enough to view site pages.
- If you downloaded a video file, but instead of the video see a message prompting you to download a specific video codec from a certain address—remove the clip and forget about it. This is just another way criminals try to bypass the anti-virus scanners of file sharing portals and torrent trackers.
- The site looks like another popular site, but something is wrong with the news posts; the last post appears to have been published a year ago? The banner is advertising a promo that has long since ended? When fraudsters copy a site, they don’t update its content every day. Remember that and stay vigilant.
- Keep the HTTP monitor SpIDer Gate running while you are surfing the Web, and make sure that you have enabled the option to block access to sites from the categories “non-recommended site” or “known infection source”.
Meanwhile, since July 13, 2016, the search engine giant Google has been doing something similar to what a small Doctor Web team has been doing for years: adding non-recommended sites, including those engaged in phishing and other kinds of fraud, to the SpIDer Gate databases. Google is also expected to block payday loan ads. Furthermore, ads about loans with annual interest rates exceeding 36% will be blocked in the United States.
- And be sure to remember our site's address: