18

I got a link to http://61.19.247.192/~naowit/dustin.html, which was masked as a youtube.com link via email. Now I'm not willing to visit it because I know it's probably got some type of malware on it, or at the very least a scam/phishing attempt.

But... I'm always curious when I get these links. I want to visit them to see what they are up to. I have Sandboxie, but is that secure enough if I simply run the browser in a sandbox?

In general, how should you visit links that you are unsure of? I always have NoScript running, but I know that's not enough.

SQB
Greg
  • You could download the target page with wget, a self-written program, telnet ;-), or something else and view/analyze it in plain text. – ordag Mar 11 '12 at 00:05
  • 1
    The site redirects you to another domain with an online drugstore. Remember, don't buy these things on the internet but from your local store after consultation with your doctor. – ordag Mar 11 '12 at 00:18
  • What OS are you running? – David Mar 11 '12 at 02:35
  • Hi Greg, welcome to [security.se]. Please take a moment to read the [FAQ]. Btw, I'm pretty sure there was another very similar question here that already has some very good answers, but I can't find it now. – AviD Mar 11 '12 at 08:21
  • @David - I'm using Windows7 64bit – Greg Mar 11 '12 at 09:49
  • @Ordag - I've used wget on my Linux server, wasn't sure there was a Windows version of it? I did a quick google and http://gnuwin32.sourceforge.net/packages/wget.htm is the first result, but the website is down for me. – Greg Mar 11 '12 at 09:50
  • 1
    @AviD - Hi, thanks for the welcome. This site is pretty amazing so far. – Greg Mar 11 '12 at 09:51
  • 1
    @Greg On Windows I'd use the present PowerShell: `(New-Object System.Net.WebClient).DownloadString("http://whatever") > whatever.txt` – ordag Mar 11 '12 at 10:24
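
The approach from the comments above (save the page as text, then read it instead of rendering it), as an added example that is not part of the original thread: a Python script that lists where a saved page would automatically send a browser. The sample HTML, its hosts, the base URL and the names `RedirectFinder` and `triage` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample standing in for a page saved as text (not the real page).
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://pharmacy.example.net/">
<script>window.location.href = "http://shop.example.org/buy";</script>
</head><body><iframe src="/~user/frame.html"></iframe>
<a href="http://www.example.com/about">about</a></body></html>"""

# Script navigation: location = "...", location.href = "...", location.replace("...")
JS_NAV = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I)

class RedirectFinder(HTMLParser):
    """Collects (kind, raw_url) pairs; nothing is executed or rendered."""
    def __init__(self):
        super().__init__()
        self.found, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.found.append(("meta-refresh", m.group(1)))
        elif tag in ("iframe", "frame", "script") and a.get("src"):
            self.found.append((tag + "-src", a["src"]))
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            for m in JS_NAV.finditer(data):
                self.found.append(("js-location", m.group(1) or m.group(2)))

def triage(html_text, base_url):
    """Return (kind, absolute_url, leaves_host) for each automatic load/redirect."""
    p = RedirectFinder()
    p.feed(html_text)
    p.close()
    host = urlparse(base_url).hostname
    urls = [(k, urljoin(base_url, r.strip())) for k, r in p.found]
    return [(k, u, urlparse(u).hostname != host) for k, u in urls]
```

Obfuscated scripts will not match these patterns, so an empty result is not proof that a page is benign.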

3 Answers

6

If you're of a technical nature, you may like Malzilla. Old school folks may appreciate Lynx.

Both are text-only ways of accessing a web page. Malzilla provides diagnostics useful per-page, and Lynx is a text-based browser.

But I only use them when I'm suspicious of something. In the meantime I just use Chrome or IE in a virtual machine. I like Oracle's VirtualBox since it allows me to use a 64-bit client OS, where other virtualization solutions don't.

makerofthings7
  • Hi Makerofthings7, I haven't heard of either of those; I'll read up on both. I have a couple of VM applications installed already actually (for class), so I'll just install another Windows 7 for purposes like this only. However, while searching for answers, I found this: http://security.stackexchange.com/questions/12546/is-it-safe-to-install-malware-in-a-vm - so VMs are safe, but not 100 percent apparently. Maybe I'll double up and use Sandboxie inside a VM. – Greg Mar 11 '12 at 09:58
  • I'm a huge fan of Lynx, and use it fairly often. Sometimes it's fun to see what sort of muck people are trying to get up to. – Wayne Werner Jan 21 '13 at 17:44
  • I like Malzilla, it hasn't been updated in about 5 years though sadly :( – NULLZ May 27 '13 at 03:29
4

There are numerous technologies you can use. It all depends on your OS and how far you want to go.

On Windows, the easiest is to use Sandboxie to sandbox your browser. On Linux/BSD you could set up a chroot or jail to run the browser from.

Another choice is to set up a virtual machine using VMware, KVM, Xen, VirtualBox or Parallels and run a browser in there. This will require you to install a full OS, but will give you an extra level of isolation.

The easiest thing to do is to delete the email and forget about the link. No point in playing with fire.

David
  • Ok, I'll give Sandboxie a try. I've had it for years, but I've never really used it for security reasons. I always used it to run 2 instances of the same program. lol – Greg Mar 11 '12 at 09:52
0

I have always spun up a quick VM and opened in there. I know this sounds like a lot of work just to check a link, but if you have VMs already running...no big deal.

cyb3ard