Some of the phony image links were said to be spreading malware identified by Kaspersky antivirus as HEUR:Trojan-Downloader.Script.Generic.
Seeing how the Heur Trojan is known to unleash a world of digital hurt on PCs, like modifying system files, altering the settings for certain browsers, opening a backdoor to download additional malware and allow remote control of your PC, among other things, I think it's safe to say that you definitely don’t want to wind up with it on your computer.
So that's all fine & dandy that you've been warned, but how can you tell if the image link is real before it’s too late?
When malware dresses up as an innocuous link..
Let’s take a look at the malicious link provided in the alert posted on Facecrooks:
At first glance, the link above should throw up a red flag in the back of your mind. Typically an image link will end with “.jpg”, “.gif”, “.png”, or “.bmp” as those are the most commonly known file formats.
The sample provided above merely ends with a directory name, which is “img”. (Don’t confuse it with “.img” files, which are a disk image file type and was used by older Macs until it was replaced by the .DMG disk image format.)
When a specific file is not listed in a URL, the default page that is served is usually “index.html”, which in this case was rigged to deliver the Heur Trojan to the victim.
So, at the very least, make sure the URL ends with the proper file format before clicking.
But wait! Things may not always be what they seem..
Now, just because a link ends with the proper file format doesn’t mean that it’s safe.
The sample link provided in the warning posted on LookatVietnam shows us a sneaky trick cybercriminals use in order to make us think a link is safe.
Here’s the sample link they provided:
As you can see, this link has the potential of leading a lot of people to believe that it’s a harmless link pointing towards a .JPG file, which is a common image file format.
The bad guy behind this malicious link used a URL parameter, “?4e8doj5-Picture-43.JPG “, in order to disguise the true file that users were being directed to. The real target of this link is the “dn2.php” page that’s in the ‘cache’ directory of the website. Again, the ‘dn2.php’ page was rigged to deliver the payload once it was visited by the victim.
Ahah! They're busted and your PC has been spared!
By closely inspecting links before clicking them, users can steer clear of malicious websites and in turn, reduce the chances of their computers being infected with malware.
In addition to exercising caution, users should always run antivirus software on their PC, keep system software up-to-date and avoid downloading any files attached to unsolicited emails.
Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.
Photo Credit: Digital Magic Photography