Protecting yourself from fake Web sites and malicious links


Summary

When you point to a hyperlink in Microsoft Internet Explorer, Microsoft Outlook Express, or Microsoft Outlook, the address of the corresponding Web site is usually displayed in the status bar at the bottom of the window. After the link you clicked is opened in Internet Explorer, the address of the corresponding Web site is usually displayed in the address bar of Internet Explorer, and the title of the corresponding Web page is usually displayed in the title bar of the window.

However, malicious users may create a link pointing to a fraudulent (fake) Web site and display the address or URL of a valid Web site in the status bar, address bar, and title bar. This article describes how you can mitigate the impact of this problem and how to identify fraudulent (fake) Web sites or URLs.

This article also discusses how you can help protect yourself from fake Web sites. These methods are summarized as follows:

• Install MS04-004 Internet Explorer Cumulative Security Update (832894).
• Before entering any personal or sensitive information, make sure there is a lock icon in the lower-right status bar and verify the name of the server that provides the page you are viewing.
• Do not click any hyperlink that you do not trust. Instead, type the address in the address bar yourself.

Install MS04-004 Internet Explorer Cumulative Security Update (832894)
For more information about this security update, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/Bulletin/MS04-004.asp

This article also discusses how to help you identify fake Web sites and malicious hyperlinks.

How to prevent fake Web Sites

Before entering any sensitive information, make sure that the Web site uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) and check the server name.

SSL/TLS is usually used to encrypt information transmitted over the Internet to protect it. However, SSL/TLS can also be used to verify that you are sending data to the correct server. By checking the name on the digital certificate used for SSL/TLS, you can verify the name of the server that provides the page you are viewing. To do this, make sure that the lock icon is displayed in the lower right corner of the Internet Explorer window.

Note: If the status bar is not enabled, the lock icon is not displayed. To enable the status bar, click "View" and then click "Status bar".

To verify the server name displayed on the digital certificate, double-click the lock icon and check the name displayed next to "Issued to". If the Web site does not use SSL/TLS, do not send any personal or sensitive information to the site. If the name displayed next to "Issued to" is different from the name of the site that you believe provides the page you are viewing, close the browser to exit the site. For more information about how to perform this operation, visit the following Microsoft Web site:
http://www.microsoft.com/security/incident/spoof.asp

How to prevent malicious hyperlinks

The most effective way to prevent malicious hyperlinks is to enter the URL you want to access in the address bar without clicking such hyperlinks. You can manually enter a URL in the address bar to verify the information that will be used when Internet Explorer accesses the target Web site. To do this, type a URL in the address bar and press Enter.

Note: If the address bar is not enabled, the address bar is not displayed. To enable the address bar, click "View", point to "Toolbars", and click "Address bar".

How to identify fake websites when Web sites do not use SSL/TLS

To verify the name of the site that provides the page you are viewing, use SSL/TLS to check the name on the digital certificate. If the site does not use SSL/TLS, you cannot conclusively verify the name of the site that provides the page you are viewing. However, in some cases, you can use some methods to help you identify fake sites.

Warning: The following information provides some general rules for known attacks. Because attacks often change, malicious users may use methods not described here to create fake Web sites. To help protect yourself, enter personal or sensitive information only after you have verified the name on the digital certificate. In addition, if you doubt the authenticity of a site for any reason, immediately exit the site by closing the browser window. Generally, the quickest way to close a browser window is to press ALT+F4.

Try to identify the URL of the current Web page

To identify the URL of the current Web site, use the following method.

Use the JScript command to identify the actual URL of the current Web site

Use the JScript command in Internet Explorer. In the address bar, type the following command and press Enter:

javascript:alert("Actual URL address: " + location.protocol + "//" + location.hostname + "/");

Warning: Be careful when you type a script directly in the address bar. A script that you type directly in the address bar can perform any operation that the currently logged-on user can perform on the local system.

The JScript message box displays the actual URL Web address of the Web site you are visiting.

You can also copy the following JScript code and paste it into the address bar to get a more detailed description about the URL of the Web site:

javascript:alert("The actual URL is: " + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is: " + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");

Compare the actual URL with the URL in the address bar. If they do not match, the Web site may be misrepresenting itself. In this case, you may need to close Internet Explorer.

Use the "History" pane in Internet Explorer to identify the actual URL of the current Web site

In some cases that Microsoft has verified, you can also use the "History" Explorer Bar in Internet Explorer to help identify the URL of the Web page. On the "View" menu, point to "Explorer Bar" and click "History". Compare the URL in the address bar with the URL displayed in the "History" bar. If they do not match, the Web site may be misrepresenting itself, and you may need to close Internet Explorer.

Paste the URL to the address bar of a new Internet Explorer instance.

You can paste the URL into the address bar of a new instance of Internet Explorer. In this way, you may be able to verify the information that Internet Explorer will use when accessing the target Web site. In some cases that Microsoft has verified, copying the URL displayed in the address bar and pasting it into the address bar of a new Internet Explorer session lets you verify the information that Internet Explorer actually uses when accessing the target Web site. This method is similar to the method described in the "how to prevent fake Web sites" section above.

Warning: If you perform this operation on some sites (such as e-commerce sites), you may lose your current session. For example, the content of an online shopping cart may be lost, so that you must refill the shopping cart.

To paste a URL to the address bar of a new Internet Explorer instance, follow these steps:

1. Select the text in the address bar, right-click the text, and click "Copy".
2. Close Internet Explorer.
3. Start Internet Explorer.
4. Click in the address bar, right-click, and click "Paste".
5. Press Enter.

Methods used to identify malicious hyperlinks

The only way to verify the information that Internet Explorer needs to use when accessing the target Web site is to manually type a URL in the address bar. However, in some cases, you can use some methods to help you identify malicious hyperlinks.

Warning: The following information provides some general rules for known attacks. Because attacks often change, malicious users may use methods not described here to create fake Web sites. To help protect yourself, enter personal or sensitive information only after you have verified the name on the digital certificate. In addition, if you doubt the authenticity of a site for any reason, immediately exit the site by closing the browser window. Generally, the quickest way to close a browser window is to press ALT+F4.

Try to identify the URL to be used by a hyperlink

To identify the URL to be used by a hyperlink, follow these steps:

1. Right-click the link and click "Copy Shortcut".
2. Click "Start" and then click "Run".
3. Type notepad and click "OK".
4. On the "Edit" menu in Notepad, click "Paste".

In this way, you can view the complete URL of any hyperlink and check the address that Internet Explorer will use. The following lists some characters in the URL that may lead you to a fake Web site:

• %00
• %01
• @

For example, a URL of the following form opens http://example.com, but the URL may appear to be http://www.wingtiptoys.com:

http://www.wingtiptoys.com%01@example.com
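
The check described above, as an added example that is not part of the original article: this JavaScript function (for Node.js or a modern browser) flags the listed characters in a copied link and reports the host that the URL actually names. The function name inspectLink, its result fields, and the sample list are hypothetical and were constructed for this illustration.

```javascript
// Added example, not from the original article. inspectLink and its result
// fields are hypothetical names chosen for this illustration.
function inspectLink(href) {
  const reasons = [];
  // The article lists %00 and %01 as warning signs; check the raw link text.
  const escapes = href.match(/%0[01]/g) || [];
  for (const esc of new Set(escapes)) reasons.push("contains " + esc);

  let url;
  try {
    url = new URL(href); // standard URL parser in browsers and Node.js
  } catch (err) {
    reasons.push("not a parseable absolute URL");
    return { actualHost: null, decoy: null, reasons };
  }

  // Text between "//" and "@" is user information sent to the server,
  // not the server name, even when it looks like a host name.
  let decoy = null;
  if (url.username !== "" || url.password !== "") {
    decoy = url.username.replace(/%0[01]/g, "");
    reasons.push("text before @ is not the server name");
  }
  return { actualHost: url.hostname, decoy, reasons };
}

// Constructed sample links that reuse the article's example names.
const SAMPLE_LINKS = [
  "http://www.wingtiptoys.com%01@example.com",
  "http://www.wingtiptoys.com/",
];
for (const link of SAMPLE_LINKS) {
  const r = inspectLink(link);
  const verdict = r.reasons.length
    ? "SUSPICIOUS: " + r.reasons.join("; ")
    : "no listed warning signs";
  console.log(link + " -> host " + r.actualHost + " (" + verdict + ")");
}
```

A clean result only means that none of the three listed characters were found; as the warnings in this article say, other methods exist, so the certificate name remains the check to rely on.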

Other methods that can be used

Although these actions cannot help you identify a fraudulent (fake) Web site or URL, they help to limit the damage caused by attacks that have been successfully initiated from fake Web sites or malicious hyperlinks. However, they restrict scripts, ActiveX controls, and other potentially damaging content in e-mail messages and on Internet Web sites from running.

• Use your Web content zones to help prevent Web sites in the Internet zone from running scripts, ActiveX controls, or other damaging content on your computer. First, set the security level of the Internet zone to "High" in Internet Explorer. To do this, follow these steps:

1. On the "Tools" menu, click "Internet Options".
2. Click the "Security" tab, click "Internet", and then click "Default Level".
3. Move the slider to "High" and click "OK".

Then, add the URLs of the Web sites that you trust to the "Trusted sites" zone. To do this, follow the steps below
