Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.
« The Conscience of a Hacker | Main | How to crack a Mac App »
Friday
Jan212011

McAf.ee Link Shortner

DateFriday, January 21, 2011 at 4:05PM

@DaveMarcus did NOT pay me to write this.

If you are a twitter addict like me, you use a link shortner.  The list of link shortners are long.  Bit.ly, TinyURL, even Google has their very own goo.gl!

However...

The problem is we don't know what we are clicking on.  You don't know that bit.ly/blah isn't sending you the latest serving of malware.  I have kicked around the idea that this is a great attack vector. Looks like I was not the only one.

http://www.zdnet.com/blog/security/twitter-worm-hits-googl-redirects-to-fake-anti-virus/7938

Cyber thugs are using Google's link shortener to trick users into viewing malicious content with FakeAV.

I just cleaned a co-workers home netbook after they clicked the evil goo.gl link. 

Note: http://www.malwarebytes.org/ is a great resource for removing.  I also used Metasploit to kill the tasks because the malware prevented Malwarebytes/AV from running.

I like to beat up on the AV vendors but the truth is there is a lot of malware out there and the best way to protect yourself is to not allow it to get on your machine in the first place.

Enter mcaf.ee! http://mcaf.ee/

McAfee has a link shortener that uses their Global Threat Intelligence database to check the links to identify if they are safe or malicious. 

They have a plug in for FireFox and Chrome.

If you use a twitter client, add this to other services to use mcaf.ee as your link shortener. 

 http://mcaf.ee/api/shorten?input_url=%@&format=text

I added it to Tweetdeck today as my default link shortener.

 

I use Twitterrific on my iPad and iPhone.  McAf.ee isn't available for that app so if you see the bit.ly from me, you know why.

Authorn00bz Network | Comment2 Comments |
tagged in ,

Reader Comments (2)

I dunno, blacklisting based on site category seems wrought with peril.

A simple example of a redirect workaround:

http://mcaf.ee/9ba04

vs

http://mcaf.ee/e8576

Now imagine that you have a real site that McAfee trusts with a means to redirect the user to the fake site that looks like the real site... the extra bar on top kind of helps to sell the fake, wouldn't it?

Anyway, I guess it's stuff like this is the reason why it's got the beta tag.

January 25, 2011 | Unregistered Commentertodb

With bit.ly links you can add a "+" on the end to get statistics for the page including the intended target url. For example, http://bit.ly/6ec0DN+ instead of http://bit.ly/6ec0DN

March 1, 2011 | Unregistered Commentertturner

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.