In early June, I posted an article – Norton DNS – Another Layer of Computer Security, in which I stated –
You should consider additional system hardening by substituting your ISP provided DNS service, with a more secure alternative.
A few days later, I posted an article – Follow the Link and You “Takes Your Chances”, in which I made the point –
As a matter of policy, I test every allowed link included in a comment, for safety. Spam filters can often miss comment spam, some of which are highly dangerous. While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.
The following comment emailed to me by WordPress just today, and not picked up by the Askimet spam filter, provides a perfect example where these two intersect:
The email notice:
A new comment on the post “Download TrueCrypt – TrueCrypt Beats The FBI Decryption Team!” is waiting for your approval.
Author : retnol (IP: 126.96.36.199 , 188.8.131.52)
E-mail : firstname.lastname@example.org
well, nice post. Thank you for sharing.
On testing the URL (the link), contained in the comment, I get this result from Norton DNS. This is not as uncommon as you might think.
Further investigation of the Threat Report, reveals the following.
Pretty scary stuff, I think you’ll agree.
So, I’ll repeat –
Be cautious when following links contained in comments on any web site – not just Blogs.
Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software. This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested, by me, for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.
Be cautious when following any link contained in any web page. Recent reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.
Install an Internet Browser add-on that provides protection against questionable, or unsafe websites.
Use Norton DNS as an added safety precaution.
You simply cannot trust links, given the state of the Internet, so if you haven’t hardened your system by substituting your ISP provided DNS service, with a more secure alternative, I urge you to do so.
I deal with comments like this every day – it just happens, that today, I had some spare time to bring this situation to your attention, one more time.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.