• All Community
    • All Community
    • Forums
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

cllicking on a bad email link -- what to do next?

I made the dumb but all too common mistake of clicking on a link in an email from a friend whose email contact list had been hijacked by who knows who.  After I realized what I had done I ran an immediate Norton full system scan, which came out all right.  No bad symtoms so far, but Is there anything else one can do, perhaps aimed at the particular email in question?

Dave

Replies

Kudos0

Re: cllicking on a bad email link -- what to do next?

I made the dumb but all too common mistake of clicking on a link in an email from a friend whose email contact list had been hijacked by who knows who.  After I realized what I had done I ran an immediate Norton full system scan, which came out all right.  No bad symtoms so far, but Is there anything else one can do, perhaps aimed at the particular email in question?

Dave

Kudos0

Re: cllicking on a bad email link -- what to do next?

Chances are nothing bad happened. Malware still has to be downloaded to the computer and executed before it can infect the system. "Drive-by-downloads" do exist, but they aren't that common. Also, phishing websites, that try to trick the visitor into buying or paying or downloading something are more common than actually infecting the user outright.

You can PM me the link to the website in question, if you still have it, if you want, and I can see if there are any malicious scripts or things like that running on it.

Kudos0

Re: cllicking on a bad email link -- what to do next?

I also clicked on a bad email link and my Norton blocked access indicating "Web Attack: Facebook Fake Survey 3".  I then hit the back button without thinking, and I ended up on a webpage that was very difficult to get off of.  Every time I tried to exit it asked me to make sure I wanted to leave, every time I indicated yes I wanted to leave, Norton sent me another notification that it had blocked access.  This happened about 3 times.

I was using Internet Explorer at the time, and am particularily worried as I understand Internet Explorer has a vunerability right now that is high risk.

Can anyone tell me whether hitting the back button and ending up on the webpage resulted in allowing access to the attack.

Thanks!

Kudos1 Stats

Re: cllicking on a bad email link -- what to do next?


sanitycheck wrote:

I also clicked on a bad email link and my Norton blocked access indicating "Web Attack: Facebook Fake Survey 3".  I then hit the back button without thinking, and I ended up on a webpage that was very difficult to get off of.  Every time I tried to exit it asked me to make sure I wanted to leave, every time I indicated yes I wanted to leave, Norton sent me another notification that it had blocked access.  This happened about 3 times.

I was using Internet Explorer at the time, and am particularly worried as I understand Internet Explorer has a vulnerability right now that is high risk.

Can anyone tell me whether hitting the back button and ending up on the webpage resulted in allowing access to the attack.

Thanks!


Hi, sanitycheck.  Any webpage that puts up a subwindow when you wish to leave the page is suspicious.  A safe move to avoid infection when dealing with that situation is to close the browser window manually using your browser.  Do not click on any control having to do with the webpage itself in that situation - as you have no idea at that point what you are clicking on.

Note: Some Malicious webpages reprogram the "x" box at the top right of the subwindow to work as "OK' - thus you give permission for the webpage to interact with your machine - even though you thought you were closing the subwindow.

Consequently, interacting with a suspicious webpage in any way is "not a good idea"  

You close a suspicious webpage by right-clicking on the tab for the active webpage and clicking the "Close Tab" button.  This closes the selected tab completely - bypassing anything the webpage wants you to do.  This is the proper "exit strategy" for any webpage where you think something fishy is going on.

Finally, If you have any problem closing that Tab, close all of IE, wait however long it takes for IE to close down completely, reopen IE and empty your Temporary Internet Files, then close IE again.  This "cleans up" IE's cache info as much as possible - to ensure you have no "mortal remains" left behind from your brush with the world of malware.

Now, to your particular situation:

When you clicked "OK" on that subwindow, you gave permission (as far as your browser was concerned) for that window to interact with your browser.  NIS saw what that subwindow was doing, recognized it as a nasty, blocked the nasty and informed you it had just saved your butt.

When you panicked and backed out, you went back to the webpage you were previously browsing.  Furthermore, when you tried to leave again - that brought up the "exit subwindow" and the process repeated.  NIS saved your butt in this situation, just as it did the first time.

Eventually, you figured out that the only way out of the situation was to close the webpage without interacting with the subwindow at all.  Thus, you exited the trap.

From everything you have described, you dodged a bullet.  NIS protected you from infection.  However, this is not a guarantee that you didn't get infected by something else while on that webpage.  My suggestion is to bring NIS completely up-to-date using Live Update and then do a Full System Scan with the latest virus definitions in place.  If that Scan comes up clean and you are running normally (no weird activities, popup windows, mysterious slowdowns and so on) - then I think you are OK.

Regardless of the above, I also recommend you run another Full System Scan (after manually running Live Update) in a few days - just to be sure you didn't catch something that was so new that NIS did not have a template for it yet.  Most malware nasties are trapped and templated within about 3 days of release - so by that time NIS will have had a chance to evolve to the point where it can check for other things you might have been infected by during this encounter.  If that test passes OK - you can wipe the sweat off your brow and continue on your merry way. 

As you have noted, IE has a current security vulnerability which is quite dangerous.  However, Symantec has been informed about the problem since before the info was released to the public - and has already designed intelligence into NIS to detect the activities of malware trying to exploit the security hole.  Thus, you are probably OK.

However, I think you have used up your quota of golden horseshoes for the month.  Stay away from any new or untested websites until you have updated your machine with the MSIE Security Patch which closes the security hole.

Note: The patch release date is tentatively scheduled for Monday next week.

Hope this helps.

Kudos0

Re: cllicking on a bad email link -- what to do next?

Thank you so much twixt!!!  This was very helpful!  I hope I've learned my lesson!!

Kudos0

Re: cllicking on a bad email link -- what to do next?

It looks like the IE security update was released today for Vista and Windows 7.

Regards,

Kelly

This thread is closed from further comment. Please visit the forum to start a new thread.