Well that looks sketchy...


Hey,

There's a $1,000,000 sitting in an account with your name on it you just need to click this link;

FREE MONEY!

-
Did you get that money?  Or did you go to VirusTotal?  Point being the text displayed has nothing to do with where you'll end up.

You should never blindly follow links, especially unsolicited or automated ones in your email.  Now if you just forgot your password and are expecting a link then 'yes' you can reasonably assume that link is clean/valid.  (You initiated the automated response)

But how can you be sure?  Is there a way we can check?

VirusTotal is the first thing I use if I sense something Phishy.


Highlighted in red are the main options/buttons you will be using.

The default landing page has you in "File" mode.  Meaning it wants you to upload whatever file you think is phishy, and it will scan it.  Now if the file is malicious VirusTotal will tell you which anti-virus flagged the file.  If multiple anti-virus are triggered this means the file is indeed something malicious.  Anything you download from the internet, I would scan.  (I'm paranoid like that!)

The second tab or "URL" mode is the most useful.  Before you even click on the link, highlight and copy link address into VirusTotal "URL" tab.  Again if multiple anti-virus are triggered it's reasonable to assume the link will take you to a malware page. 

Remember that the text does not need to relate to the actual URL in the hyperlink.  In Chrome you can "Right-click" the hyperlink and then select "Copy Link Address".  This grabs the actual URL you are to be taken to.  This is what you need to enter into VirusTotal.


This is what the output or results page will look like for a 'clean' site. (LOL)

VirusTotal gives you the ability to scan files and links with multiple anti-virus detection engines.  By checking your URL's you have prevented any malware from getting on your computer in the first place.  If they all say clean it's reasonable to assume the URL is safe and you can click the link.  (This is by no means a guarantee, malware can evade VT)

You should use VirusTotal as an "on-the-spot" check, not a replacement for conventional anti-virus.

https://www.virustotal.com/#/home/upload

Comments

Post a Comment

Popular posts from this blog

A magic-wormhole!

Image
Have you ever struggled to get a file from one computer to another?  What if the file surpasses the size limits of Google Drive or Dropbox? Yes, you can SSH/SCP, FTP, HTTP, USB, script the hell out of it but isn't there something that allows us to transfer large files easily? And is "securely" too much to ask too? https://github.com/warner/magic-wormhole TL;DR, The concept is; you and your recipient would have another secure means to transfer a secure pass-phrase.  The sender would tell the receiver what pass-phrase accesses the package.  The odds somebody else entering the same phrase into the wormhole at the right time is approximately 3720 to 1! (I don't know the exact math but its really hard to MitM)  "The package is at whisky-tango-foxtrot." Here's the -help,  Magic Wormhole supports multiple modes; # Wormhole send                     # Activates prompt for a message to send, Text mes...
Read more

Quick Tip -Sysinternals-

Image
I been slacking on this blogging thing.  Anyway I wanted to show a quick tip that I want to build off going forward with more posts. Sysinternals is a great free tool that can help you with numerous computer issues. https://docs.microsoft.com/en-us/sysinternals/ Another cool thing is Sysinternals Live , basically a website that hosts all the Sysinternals Tools. https://live.sysinternals.com/ The really cool feature I wanted to go over, is mounting this website as a local drive, or calling these tools straight from the command line. P$> \\live.sysinternals.com\tools\procmon.exe This command will fire up procmon.exe. (I got a post coming up for procmon) Syntax= \\live.sysinternals.com\tools\ TOOL.EXE It may take a moment but all the Sysinternals tools are available to you, over the wire.  Pretty neat.  Another way to demonstrate this is by mapping that entire web directory to a location on your computer. Click "This PC" > "Compute...
Read more

How I use Sysinternals

Image
Hey, In my previous post I demonstrated how to add the Sysinternals tools to your computer from  https://live.sysinternals.com/ .  "Neat, now what?"  This is not a comprehensive guide to Sysinternals merely how I use these tools to increase my cyber safety. If you browsed to  https://live.sysinternals.com  you'll notice there is numerous tools.  I just want to quickly show a few of the tools I have found most useful and how I use them. 1.) Sigcheck  - " Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains." You can run it via: PS C:\Users\Matt> \\live.sysinternals.com\tools\sigcheck.exe -h -v "C:\Users\Matt\Downloads\pro cesshacker-3.0.1424-setup.exe" >> sigchecktest.txt This command is run against a "file", usually something you just downloaded/received.  You are unsure about it's safety.  You can run "Sigcheck...
Read more