Ubuntu Brainstorm

Idea #5533: Pidgin URL cross checking
Votes: 47
Written by neomenlo on 24 Mar 08 at 00:12. Category: Security.
Related to: Nothing/Others. Status: New
Description
There is a deceptive practice of tricking a user into visiting a site by using instant messaging.

One example would be that the user could get an IM thinking that their friend wants them to see an image. The message would read "Check out this picture http://photobucket.com/image.jpg", but the link would actually lead to somewhere else. Almost always it will lead to something dangerous or otherwise unwanted like a virus executable or a vulgar website.

This could be very simply and automatically protected through pidgin. A plugin could validate that all links with text that looks like a URL, actually leads to the URL it looks like.

Something that reads "http://google.com" should always lead to "http://google.com". However, it is possible that the text may not read as a URL; it could read like "This Website" and lead to "http://google.com".

So I would like to see a system message, shown in the same area where you would normally see "this person has gone away", that notifies the user that the link is misleading and explains the risks. This would only show up if the link's text looks like a URL and the href does not match it.
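One way the check described above could be implemented, as an added example that is not part of this idea or of Pidgin's code: it parses the HTML of an incoming message, collects each anchor's visible text and href, and flags anchors whose text looks like a URL but whose host differs from the href's host. Comparing hosts rather than full URLs and treating a leading "www." as equivalent are assumptions of this example, and the names URL_LIKE, host_of, AnchorCollector and misleading_links are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anchor text that a reader would take for a web address (hypothetical heuristic).
URL_LIKE = re.compile(r"^(?:https?://|www\.)[^\s<>]+$", re.IGNORECASE)


def host_of(url: str) -> str:
    """Lower-cased host of a URL, with a leading 'www.' dropped (assumed normalisation)."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.IGNORECASE):
        url = "http://" + url  # bare 'www.example.com' style text
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


class AnchorCollector(HTMLParser):
    # Collects (visible text, href) pairs for every <a> element in a message.
    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def misleading_links(message_html: str) -> list[tuple[str, str]]:
    """Return (text, href) pairs whose text looks like a URL but leads to another host."""
    parser = AnchorCollector()
    parser.feed(message_html)
    return [(text, href) for text, href in parser.links
            if URL_LIKE.match(text) and host_of(text) != host_of(href)]


if __name__ == "__main__":
    # Constructed sample message, not a real capture.
    sample = ('Check your mail at <a href="http://gmail.verysecuresite.cn/login">'
              'http://www.gmail.com</a> or visit <a href="http://google.com">This Website</a>')
    for text, href in misleading_links(sample):
        print(f"WARNING: link text {text!r} actually goes to {href!r}")
```

Link text such as "This Website" is never flagged, matching the behaviour the description asks for, while a URL-looking text whose host differs from the href's host is.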
Comments
mikedep333 wrote on the 24 Mar 08 at 01:23
I doubt we will actually have to worry about viruses, but certainly people could be scammed into thinking they're going to check their mail at http://www.gmail.com and instead go to a scammer site at http://gmail.verysecuresite.cn, which would be a scam.

neomenlo wrote on the 24 Mar 08 at 01:32
Yeah, viruses are a bad example. The vulgar, seedy websites are definitely something to worry about though.

Furthermore, this could just be added to pidgin, which would help a lot of poor, vulnerable Windows users.

I made this "New Enhancement" request in Pidgin's trac:
http://developer.pidgin.im/ticket/4683

maix wrote on the 24 Mar 08 at 16:57
(don't want to register there, so I answer here:)

> 2: The URL leads to an executable
>
> I don't think I've ever seen an executable transferred via IM protocol. So, links to executables should also bring up a warning dialog telling the risks.

How do you want to see if it is an executable just with the link, without sending a request there? That's not possible.

neomenlo wrote on the 24 Mar 08 at 19:56
Most executables will end with certain extensions.
Examples:
.exe
.com
.bat
.sh
Obviously that won't weed out all of them, like executable texts, but it's a start.
I think I may have phrased that weirdly on Pidgin's Trac.

3wings wrote on the 23 Apr 08 at 21:55
@neomenlo
I think what maix is trying to say is that even if the URL is not pointing to an executable, it can point to a normal HTML page that initiates a download when it is accessed.

That's how SourceForge handles downloads, for example.

Monicker wrote on the 3 May 08 at 14:31
A malicious web page does not have to initiate a download to be malicious. There have been several cases where a malicious URL was able to change the settings on a person's home router. Other exploits have allowed for the retrieval of password information via browser flaws.

Suspicious URLs should be noted when possible, though I think there is still some chance of false positives for legitimate sites.
